last executing test programs:

8.537890752s ago: executing program 3 (id=1399):
openat$incfs(0xffffffffffffffff, 0x0, 0x8001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40086602, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r3, 0x0, 0x13, &(0x7f0000000040), 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x6, 0x0)
syz_open_procfs(0x0, 0x0)
r5 = fanotify_init(0xf00, 0x1)
fanotify_mark(r5, 0x105, 0x40009965, r4, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x189)

7.523240427s ago: executing program 3 (id=1407):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x181, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae05, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x2f})

7.452019135s ago: executing program 4 (id=1408):
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0x10, 0x3, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000280), 0x44000, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)

6.300521551s ago: executing program 4 (id=1411):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
socket(0x1e, 0x4, 0x0)
r2 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
ioctl$FS_IOC_GETFSSYSFSPATH(0xffffffffffffffff, 0x80811501, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000001200)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x1000000000000009, 0x3a, 'M', 0x3a, '~\b\x011\xcaL\x8f\x88\x9fM\xf7e\xe2\xd6\xbb\xc7\\M\b\x98R\xc3\xf5\xbd\x0fq\xbd\x85\nJ\xa9\xac\xe7@\nfA\'o\xa3ry;\xeb3\xd4\x83\x92jZ{I\x8ei?U\xfbq\x97T!Xk\xaa%F\x01\x9e^\xb6H\xb2k\x94\xb2\xab\xbf\x82\xa7\xe6G6f\rHtA>\x13\x9b\xdb!\x18\xeb\x95\xb8,$4\xa2\xa4\xa8Ob7\xc0i\xbc\n\x97\xf6\xea\xe9\x1d\x86\xb9,\xfd\x0e`@\xcd\xedl#\xf0\x80\xfc\xb8\x86Z\xb3\v\xeb@\xe9%\xd0\x8e]\x03\xfd\xa1\xbc;\x8c\xb17A\x8b z\x81~\xef.\xa4\xa7\x04\x14%\x8a\xbdtP\xa5\x9f\xf1x\xbc\x80\x048w\x1e\x9fzL\xd6(TS0;[1\xb0F\x85\xe3\xf4\r6v0\xf8\'\x1f\x1f4@\xbc0D\xc6\xba.\xf3|\xebn\xc0&\xed[\xb5\x89\xb8<\x8e[x-\x01\'\xd5\xe5\x1f*\x9d!<\x82`\xd3\f\xf67\xa6U\":\xd9\x17;K\xe7;y\xa5.q\xf6\xc8/Dv\xd2s\xdeEq \xabz\xb6\xa7H\x82_\xe1\x8c\xaa\xefV\xafZ\x10!\x93K\x8e\r\xb6\xce\xf4]\xcc\xcf\x1f\x80\x11@\xec\x7f\xf5\xb3\xb1\nRV(\"\x10<N\x18Q\xdb%Y\xde\xe5aP\xb6\xe0\xab\xc9\xc9\xc8\b\xf2H\xa9+\x9ct2lj\xc7q\xf2\xe8\xe8\f\xb2\xeb\x10=\xd1\xa6_\xc1\xde\x86rJ_$\x0f\xc6\xb0\xe3\v\x84\t\x9a\x86\xb0\n\x98\x82\x8f\xa3\xe9\xf0mrzb\xcd\x10<\xc6\xed\x8d+\xd0\xf8\xfc\xc5M\xd07\xfc^\x80\x99\f\x19\xef<{M\x9f\xa2\xeexef$\xee/\xeb:\x94\xe2\x00\xadG\xa7l\xd9Z\x9cm\xb8!@dt\xd4\xd70\xe7.S3\xec\xf9n\'\xb0\']`\xf9M\xae\x0f\x970\x1f\xed\x90\x9c\xf5l\xedU\x82\xcd\xa6:\xe9\xcbe\xfbzu\xe0pW\x92_\x85k\x00<\x8d7l\xfc\xeb\xe2\xf4((?\x17\x83\xcaN7C\xfa7\x03[cM\xea#\xbd\xee\xe2\x9a\xce\xcd\x94\x9b\xe1\t8\x0e\xe8\xceT\x90mD\xf1\xbd\xf9\x13\xcb\xfe\x81\xeb\x97\x16c\xef\xab\xfa^l\x1bl\x87\xcd\xbf\x7f\xb5\xa1\xbf)\x99+\xad\xa0\xc4\xf6\xe9\x85s\x8c\x9a~\xafd\xc9\xf0\x83\x1d\x81\xea0tj#0hrC\x06\xfdq\x05\x18\xdc\x0e\xa5d', 0x3a, './file0', 0x3a, [0x50, 0x43, 0x50, 0x43]}, 0xfffffffffffffe04)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101240, 0x10a)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_ABS_SETUP(r3, 0x401c5504, &(0x7f0000000800)={0x0, {0xfffffff9, 0x0, 0x8, 0x3, 0x3, 0xbb}})
write$uinput_user_dev(r3, &(0x7f0000000240)={'syz0\x00', {0x9, 0x1, 0x2, 0x3}, 0x2, [0x5, 0x5, 0x81, 0x8, 0x4, 0x1000, 0x50000, 0x1, 0x10001, 0xffffa103, 0x3, 0x6, 0x6, 0x6, 0x7, 0x3, 0x6, 0x0, 0x40, 0x5, 0x1cac, 0x3eb, 0xb8f, 0x3, 0x400, 0x40, 0x6, 0x0, 0xfffffffa, 0xdc, 0xffffffff, 0xa1bc, 0x200, 0x7, 0x6, 0x6, 0x3, 0x1, 0x0, 0x0, 0x2, 0x400, 0x7a08, 0x200, 0x3, 0x6, 0x7ff, 0x7f, 0x1c, 0x7, 0xe, 0x9, 0x5, 0xa, 0x3, 0x2, 0xf7, 0xfff, 0x71, 0x5, 0x1ac0, 0x4f, 0x6, 0x8], [0x5, 0x3ff, 0x6, 0xea, 0x3, 0x0, 0xca, 0x1c5936c5, 0x9, 0xfffffff8, 0x4, 0x1, 0x7, 0x6, 0xa, 0x4, 0x2, 0x0, 0x5, 0x2, 0x0, 0x6, 0x0, 0x1, 0x9, 0x6, 0x5e5893ee, 0xfffffff7, 0x9, 0x10000, 0x3, 0x8001, 0x2e6d, 0x7ff, 0x1, 0x9000, 0x877, 0x9, 0x8, 0x8, 0x80000000, 0xfff, 0x5, 0x7, 0x8, 0x5, 0x75da, 0x2, 0x5, 0xe8, 0x3, 0x9, 0x5, 0x7, 0xb99c, 0x2, 0x1000001, 0x4, 0x4, 0x1, 0x1, 0x9, 0x2, 0xc406], [0x80000001, 0x2, 0x9, 0x9, 0x0, 0xb9, 0x897, 0x5, 0x3, 0x4, 0x2, 0x5, 0x3, 0x9, 0x9, 0x7, 0x9, 0x61, 0x9, 0x5, 0x9, 0x8, 0x2, 0x6, 0x8001, 0x4, 0xc, 0x80000000, 0x7fffffff, 0x1, 0x1, 0x6, 0x8, 0x3, 0x2, 0x5, 0x3, 0x2, 0x1, 0x24, 0x9, 0x2000000, 0x4, 0xff, 0x7, 0x3eef6cc9, 0x1, 0x7, 0x7, 0x8bd, 0x9, 0xfffffff9, 0x80000001, 0x5, 0xffffff1d, 0x6, 0x0, 0xa, 0xfff, 0xfff, 0x1, 0x1, 0x19ee, 0xfffffff9], [0x0, 0x10, 0x101, 0x2, 0x4, 0x9c500, 0xef, 0x8, 0xc61, 0x7, 0x1d, 0x358, 0xd567, 0x1d5, 0xc8b, 0x658, 0xcbfd, 0x101, 0x6, 0x5, 0xb, 0x5, 0x6, 0x3, 0x75d6, 0xb26, 0x3ff, 0x6, 0x9, 0x0, 0x1, 0xf412, 0x2, 0x2, 0x2000002, 0x3, 0x3, 0x9, 0x3, 0x5, 0x3, 0x3, 0xfffffff3, 0x8000, 0x6, 0x6, 0xffff, 0x80, 0xf, 0xfff, 0xfff, 0xffff, 0xfffffffe, 0x80, 0xb975, 0x5, 0x5e1, 0xa, 0xffff58ee, 0x2, 0x2530, 0x4, 0x26da282, 0xc]}, 0x45c)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0)

6.105855784s ago: executing program 3 (id=1412):
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000180)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x14, 0x6, 0xff, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x70}}}}}}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000340)}}], 0x1, 0x400c405)
exit(0xfe)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000005c0)=[{{&(0x7f00000004c0)={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10003}, 0x1c, 0x0}}, {{&(0x7f0000000800)={0xa, 0x4e21, 0xfffffffe, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1}, 0x1c, &(0x7f0000000c40)}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000048c0)=ANY=[], 0x80}}], 0x3, 0x48c0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x7ffd, 0x0, 0x9, 0x10, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002340)='fdinfo\x00')
getdents(r2, &(0x7f0000000000)=""/43, 0x2b)
getdents64(r2, 0x0, 0x0)
memfd_create(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = socket$kcm(0xa, 0x2, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010102, 0x4e22, 0x3, 'lblcr\x00', 0x1, 0x9d3d, 0x6a}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @empty, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x10000, 0xcd}}, 0x44)
sendmsg$sock(r3, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
pread64(r5, 0x0, 0x3, 0x0)

5.851460191s ago: executing program 1 (id=1415):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f0d20"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff"], 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

5.575525557s ago: executing program 1 (id=1417):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c34"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000", @ANYRESHEX], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de135771"], 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

5.450106152s ago: executing program 0 (id=1418):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000d80)=ANY=[@ANYRESOCT], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de135771"], 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

5.27721081s ago: executing program 1 (id=1419):
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(0xffffffffffffffff, 0x3b8b, &(0x7f0000000000)={0x10})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x24008855}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, 0x0, 0x0)

5.275797577s ago: executing program 0 (id=1420):
set_mempolicy(0x4005, 0x0, 0x8)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x460603)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

4.872266627s ago: executing program 1 (id=1421):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000cf8bed20d90f21004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000380)=ANY=[@ANYBLOB="201101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000200)={&(0x7f0000000040)=[{0x8a, 0x1000, 0x0, 0x0}, {0xfffa, 0x8000, 0xfe, &(0x7f00000003c0)="c43c787530650700e69d21349fa666a2a46c6fffc58f7a1b313e82a5f425217484f544baf0eb50a4acd4ab67b0738e41963a779a1c3b453871194e254bd74fe73f830bb3dfcb5f21e0b2c552eb4f2deb488c5624f10e1f59b9cf54b95e26d565a3c9a964d27ea841d0a53933bb0a3a289dc1b906208baa08ef4b3801270cc8ff78c00873dc05b40011165bc8d1cebb6c858c2bda4e2a7259e876a9e4e9a51707dc6b6b6c0b7f122dd5942e19a52a47daf9c460ae7b6fe0dd0d5b3c8b3e6aa1f98d88b30357a0b2635a5d4543161ec627633a0c41788498ecc5e83feca605cf5594bb1b0824a39f198cc11ff2f4c300fee0ccd002aca9e4eaacde3f24207b"}], 0x2})
syz_usb_control_io(r0, 0x0, 0x0)

3.512753615s ago: executing program 2 (id=1424):
socket$vsock_stream(0x28, 0x1, 0x0)
socket$kcm(0x2d, 0x2, 0x0)
userfaultfd(0x1)
open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.401366093s ago: executing program 0 (id=1425):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000000040)="b90103606989068c3c270040f0832f9e0ff008001fffffe1ffff8100632f0806", 0x0, 0x104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.283457639s ago: executing program 0 (id=1426):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)}], 0x1}, 0x48043)
r2 = dup(r0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000001000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0xfffffffffffffed1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r3 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x20c89e, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
pipe2$9p(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r5, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
recvmmsg$unix(r2, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
splice(r4, 0x0, r0, 0x0, 0xffff, 0x2)

3.247002565s ago: executing program 2 (id=1427):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f0d20"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff"], 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

3.055005365s ago: executing program 2 (id=1428):
r0 = io_uring_setup(0x4a86, &(0x7f0000000a00)={0x0, 0x4178, 0x40, 0x8001002, 0x112})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x79c8a000)
io_uring_register$IORING_REGISTER_IOWQ_AFF(r0, 0x11, &(0x7f0000000200)="a1", 0x1)

2.875915503s ago: executing program 2 (id=1429):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c34"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000", @ANYRESHEX], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de135771"], 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

2.861078597s ago: executing program 4 (id=1430):
socket$igmp6(0xa, 0x3, 0x3a)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000007c0)='children\x00')
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x2, 0x3, 0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.693547707s ago: executing program 3 (id=1431):
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(0xffffffffffffffff, 0x3b8b, &(0x7f0000000000)={0x10})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x24008855}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, 0x0, 0x0)

2.655516757s ago: executing program 2 (id=1432):
open(&(0x7f0000000100)='./bus\x00', 0x143142, 0xa2)
syz_io_uring_setup(0x231, &(0x7f0000000140)={0x0, 0x5b4a, 0x1000, 0x200}, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000240))
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f0000000200), 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
write$snddsp(r2, &(0x7f0000000200)="a3", 0x1)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1, 0x4, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x30e3, 0x0, 0x3, 0x5, 0x8000000000, 0x80000001, 0xfffffffffffffffc}, 0x0, 0x0)

2.633915691s ago: executing program 4 (id=1433):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000d80)=ANY=[@ANYRESOCT], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f0d20"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000", @ANYRESHEX], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de13577133"], 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

2.519405014s ago: executing program 3 (id=1434):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_open_dev$tty1(0xc, 0x4, 0x3)

2.518037099s ago: executing program 4 (id=1435):
syz_io_uring_setup(0x12e, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000003"], 0x48)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xba7e}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800001}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc92b18236457ee3c8", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.395413233s ago: executing program 4 (id=1436):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
socket$netlink(0x10, 0x3, 0x14)
r3 = socket(0x2, 0x3, 0xff)
shutdown(r3, 0x1)
sendmmsg$inet(r3, &(0x7f0000000680)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000300)=[{0x0}], 0x1}}], 0x1, 0x0)
r4 = socket$inet6(0xa, 0x805, 0x0)
getsockopt$bt_hci(r4, 0x84, 0x85, &(0x7f0000000080)=""/4060, &(0x7f00000010c0)=0xfdc)

2.300261101s ago: executing program 0 (id=1437):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x2b, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

2.272604858s ago: executing program 1 (id=1438):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@ipmr_delroute={0x1c, 0x19, 0x1, 0x70bd2b, 0x25dfdbff, {0x80, 0x20, 0x90, 0x0, 0x0, 0x4, 0x0, 0x5, 0x5100}}, 0x1c}, 0x1, 0x0, 0x0, 0x24044801}, 0x4000004)

497.799222ms ago: executing program 2 (id=1439):
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x40, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
open(&(0x7f00000000c0)='.\x00', 0xd5b203, 0x8)

212.845242ms ago: executing program 0 (id=1440):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x44, r1, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}}, @IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0xfffc}]}]}, 0x44}}, 0x0)
process_madvise(0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, 0x0)

211.772276ms ago: executing program 3 (id=1441):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket(0x10, 0x80003, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xb, "0000000000810400"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)

0s ago: executing program 1 (id=1442):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000d80)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c34"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000", @ANYRESHEX], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de135771"], 0x20}}, 0xc000)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

kernel console output (not intermixed with test programs):

T5844] Bluetooth: hci1: command tx timeout
[   72.913534][ T5842] Bluetooth: hci0: command tx timeout
[   72.950156][ T5840] team0: Port device team_slave_0 added
[   72.959195][ T5840] team0: Port device team_slave_1 added
[   72.983475][ T5842] Bluetooth: hci2: command tx timeout
[   72.989560][ T5850] Bluetooth: hci3: command tx timeout
[   72.990983][ T5847] team0: Port device team_slave_0 added
[   72.995399][ T5844] Bluetooth: hci4: command tx timeout
[   73.006182][ T5847] team0: Port device team_slave_1 added
[   73.042651][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.049634][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   73.075666][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.092200][ T5854] hsr_slave_0: entered promiscuous mode
[   73.099160][ T5854] hsr_slave_1: entered promiscuous mode
[   73.127683][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.134914][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   73.160944][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.174984][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.181950][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   73.208133][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.245608][ T5839] hsr_slave_0: entered promiscuous mode
[   73.252754][ T5839] hsr_slave_1: entered promiscuous mode
[   73.259518][ T5839] debugfs: 'hsr0' already exists in 'hsr'
[   73.265395][ T5839] Cannot create hsr debugfs directory
[   73.272184][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.279451][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   73.305469][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.337957][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.345141][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   73.371442][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.384915][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.392594][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   73.418623][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.464347][ T5848] hsr_slave_0: entered promiscuous mode
[   73.470868][ T5848] hsr_slave_1: entered promiscuous mode
[   73.477490][ T5848] debugfs: 'hsr0' already exists in 'hsr'
[   73.483274][ T5848] Cannot create hsr debugfs directory
[   73.592907][ T5840] hsr_slave_0: entered promiscuous mode
[   73.599538][ T5840] hsr_slave_1: entered promiscuous mode
[   73.606227][ T5840] debugfs: 'hsr0' already exists in 'hsr'
[   73.611957][ T5840] Cannot create hsr debugfs directory
[   73.687352][ T5847] hsr_slave_0: entered promiscuous mode
[   73.694922][ T5847] hsr_slave_1: entered promiscuous mode
[   73.701195][ T5847] debugfs: 'hsr0' already exists in 'hsr'
[   73.707298][ T5847] Cannot create hsr debugfs directory
[   74.161429][ T5854] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   74.174920][ T5854] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   74.186972][ T5854] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   74.206057][ T5854] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   74.271194][ T5839] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   74.288403][ T5839] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   74.311644][ T5839] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   74.321905][ T5839] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   74.391317][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   74.403137][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   74.425437][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   74.437720][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   74.563954][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   74.575693][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   74.588462][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   74.608762][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   74.684606][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.724374][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.770665][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   74.779966][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   74.790743][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   74.803002][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   74.818021][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   74.840159][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.847568][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.897634][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.904812][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.921847][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[   74.953456][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.960604][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.983598][ T5844] Bluetooth: hci1: command tx timeout
[   74.983606][ T5842] Bluetooth: hci0: command tx timeout
[   75.005349][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.016659][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.023962][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.063337][ T5844] Bluetooth: hci2: command tx timeout
[   75.063419][ T5842] Bluetooth: hci4: command tx timeout
[   75.069090][ T5850] Bluetooth: hci3: command tx timeout
[   75.112130][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[   75.137744][   T84] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.144933][   T84] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.202979][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.216261][   T84] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.223447][   T84] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.302947][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   75.350562][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.357791][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.427128][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.434595][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.527562][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.591698][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.648377][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[   75.685450][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.692648][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.740356][   T84] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.747564][   T84] bridge0: port 2(bridge_slave_1) entered forwarding state
[   75.761446][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.907110][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.030701][ T5839] veth0_vlan: entered promiscuous mode
[   76.087821][ T5839] veth1_vlan: entered promiscuous mode
[   76.186505][ T5848] veth0_vlan: entered promiscuous mode
[   76.236925][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.252883][ T5848] veth1_vlan: entered promiscuous mode
[   76.291927][ T5839] veth0_macvtap: entered promiscuous mode
[   76.316624][ T5839] veth1_macvtap: entered promiscuous mode
[   76.326270][ T5854] veth0_vlan: entered promiscuous mode
[   76.357252][ T5854] veth1_vlan: entered promiscuous mode
[   76.410860][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.430528][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.465063][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.482607][ T5848] veth0_macvtap: entered promiscuous mode
[   76.538842][ T5848] veth1_macvtap: entered promiscuous mode
[   76.549924][   T84] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.562646][   T84] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.585458][   T84] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.647187][   T84] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.661420][ T5840] veth0_vlan: entered promiscuous mode
[   76.695144][ T5854] veth0_macvtap: entered promiscuous mode
[   76.715580][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.738365][ T5840] veth1_vlan: entered promiscuous mode
[   76.765027][ T5854] veth1_macvtap: entered promiscuous mode
[   76.790597][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.832994][   T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.848821][   T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.858620][   T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.859091][   T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.894911][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.902263][   T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.936931][   T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.951998][ T5840] veth0_macvtap: entered promiscuous mode
[   76.970036][ T5847] veth0_vlan: entered promiscuous mode
[   76.982454][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.996995][ T5840] veth1_macvtap: entered promiscuous mode
[   77.016602][   T84] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.025287][   T84] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.043375][   T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.052568][   T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.064043][ T5844] Bluetooth: hci0: command tx timeout
[   77.064090][ T5850] Bluetooth: hci1: command tx timeout
[   77.071941][   T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.090764][ T5847] veth1_vlan: entered promiscuous mode
[   77.099606][   T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.144551][ T5850] Bluetooth: hci4: command tx timeout
[   77.144578][ T5842] Bluetooth: hci3: command tx timeout
[   77.156920][ T5844] Bluetooth: hci2: command tx timeout
[   77.189200][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.190649][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   77.250799][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.299461][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.308469][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.371244][ T5964] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   77.385324][ T1167] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.426970][ T1167] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.435807][ T1167] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.475498][ T1162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.484159][ T1162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.485824][ T1167] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.508631][ T5847] veth0_macvtap: entered promiscuous mode
[   77.555922][ T5847] veth1_macvtap: entered promiscuous mode
[   77.576589][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.591316][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.721843][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.737318][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.746098][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.827464][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.864166][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.888402][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.912017][ T1167] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.937826][ T1167] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.027605][ T1167] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.071075][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.087416][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.096204][ T1167] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.899126][ T5971] loop1: detected capacity change from 0 to 32768
[   78.912252][ T5969] loop2: detected capacity change from 0 to 32768
[   79.097512][   T30] audit: type=1800 audit(1773800079.635:2): pid=5971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.8" name="file1" dev="loop1" ino=7 res=0 errno=0
[   79.143872][ T5842] Bluetooth: hci1: command tx timeout
[   79.149351][ T5844] Bluetooth: hci0: command tx timeout
[   79.155808][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.184494][ T5969] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   79.207484][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.224024][ T5844] Bluetooth: hci4: command tx timeout
[   79.232043][ T5842] Bluetooth: hci2: command tx timeout
[   79.232844][ T5850] Bluetooth: hci3: command tx timeout
[   79.492138][ T5969] XFS (loop2): Ending clean mount
[   79.520664][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.542308][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.587427][ T5969] XFS (loop2): Quotacheck needed: Please wait.
[   79.825346][ T5991] block device autoloading is deprecated and will be removed.
[   80.259772][ T5969] XFS (loop2): Quotacheck: Done.
[   80.663547][ T5839] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[   80.713397][ T5985] loop4: detected capacity change from 0 to 40427
[   80.734159][ T5985] F2FS-fs: heap/no_heap options were deprecated
[   80.765446][ T5985] F2FS-fs (loop4): build fault injection rate: 19
[   80.794252][ T5985] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[   80.852319][ T5985] F2FS-fs (loop4): invalid crc value
[   80.932112][ T5985] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810
[   80.944481][ T5849] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   81.039064][   T29] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   81.086358][ T5985] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[   81.106281][ T5985] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   81.120544][ T5985] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   81.148785][ T5849] usb 1-1: Using ep0 maxpacket: 16
[   81.162421][ T5849] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   81.179460][ T5985] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060
[   81.196161][   T29] usb 4-1: device descriptor read/64, error -71
[   81.202606][ T5849] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   81.215754][ T5849] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   81.217622][ T6007] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xd80
[   81.232422][ T5849] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.245362][ T5849] usb 1-1: Product: syz
[   81.250291][ T5849] usb 1-1: Manufacturer: syz
[   81.255686][ T5849] usb 1-1: SerialNumber: syz
[   81.291691][   T30] audit: type=1800 audit(1773800081.925:3): pid=6008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.9" name="file1" dev="loop4" ino=14 res=0 errno=0
[   81.348724][ T5849] usb 1-1: 0:2 : does not exist
[   81.380827][ T5854] syz-executor: attempt to access beyond end of device
[   81.380827][ T5854] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   81.408159][ T5854] CPU: 1 UID: 0 PID: 5854 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   81.408181][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   81.408199][ T5854] Call Trace:
[   81.408210][ T5854]  <TASK>
[   81.408218][ T5854]  dump_stack_lvl+0xe8/0x150
[   81.408245][ T5854]  f2fs_handle_critical_error+0x37c/0x540
[   81.408270][ T5854]  f2fs_write_end_io+0x1274/0x1740
[   81.408309][ T5854]  __submit_merged_bio+0x256/0x700
[   81.408334][ T5854]  __submit_merged_write_cond+0x3c9/0x4e0
[   81.408359][ T5854]  ? __pfx___submit_merged_write_cond+0x10/0x10
[   81.408396][ T5854]  f2fs_write_data_pages+0x287e/0x34f0
[   81.408448][ T5854]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   81.408478][ T5854]  ? unwind_get_return_address+0x4d/0x90
[   81.408494][ T5854]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   81.408535][ T5854]  ? check_noncircular+0xda/0x150
[   81.408558][ T5854]  ? lockdep_unlock+0x5d/0xd0
[   81.408574][ T5854]  ? __lock_acquire+0x146e/0x2cf0
[   81.408603][ T5854]  ? irqentry_exit+0x61a/0x700
[   81.408619][ T5854]  ? trace_irq_disable+0x3b/0x150
[   81.408646][ T5854]  ? do_raw_spin_lock+0x12b/0x2f0
[   81.408672][ T5854]  ? do_raw_spin_unlock+0xf5/0x210
[   81.408689][ T5854]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   81.408710][ T5854]  do_writepages+0x32e/0x550
[   81.408737][ T5854]  ? do_raw_spin_unlock+0xf5/0x210
[   81.408759][ T5854]  filemap_fdatawrite+0x1e9/0x2f0
[   81.408781][ T5854]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   81.408838][ T5854]  ? do_raw_spin_unlock+0xf5/0x210
[   81.408859][ T5854]  f2fs_sync_dirty_inodes+0x30e/0x860
[   81.408894][ T5854]  f2fs_write_checkpoint+0x9df/0x26a0
[   81.408937][ T5854]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   81.409006][ T5854]  kill_f2fs_super+0x314/0x720
[   81.409034][ T5854]  ? __pfx_kill_f2fs_super+0x10/0x10
[   81.409065][ T5854]  ? lockdep_hardirqs_on+0x7a/0x110
[   81.409094][ T5854]  deactivate_locked_super+0xbc/0x130
[   81.409116][ T5854]  cleanup_mnt+0x437/0x4d0
[   81.409131][ T5854]  ? _raw_spin_unlock_irq+0x23/0x50
[   81.409150][ T5854]  task_work_run+0x1d9/0x270
[   81.409171][ T5854]  ? __pfx_task_work_run+0x10/0x10
[   81.409199][ T5854]  exit_to_user_mode_loop+0xed/0x480
[   81.409218][ T5854]  ? rcu_is_watching+0x15/0xb0
[   81.409238][ T5854]  do_syscall_64+0x32d/0xf80
[   81.409255][ T5854]  ? trace_irq_disable+0x3b/0x150
[   81.409271][ T5854]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.409287][ T5854]  ? clear_bhb_loop+0x40/0x90
[   81.409306][ T5854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.409320][ T5854] RIP: 0033:0x7f5ab299d9d7
[   81.409344][ T5854] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   81.409355][ T5854] RSP: 002b:00007ffd64c49c08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   81.409372][ T5854] RAX: 0000000000000000 RBX: 00007f5ab2a32050 RCX: 00007f5ab299d9d7
[   81.409382][ T5854] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd64c49cc0
[   81.409391][ T5854] RBP: 00007ffd64c49cc0 R08: 00007ffd64c4acc0 R09: 00000000ffffffff
[   81.409401][ T5854] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd64c4ad50
[   81.409409][ T5854] R13: 00007f5ab2a32050 R14: 0000000000013d99 R15: 00007ffd64c4ad90
[   81.409434][ T5854]  </TASK>
[   81.410611][ T5854] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[   81.481647][ T1224] cfg80211: failed to load regulatory.db
[   81.488221][   T29] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   81.821659][ T5849] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[   81.835064][ T6016] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17'.
[   81.844191][ T6016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17'.
[   82.050087][ T6004] loop1: detected capacity change from 0 to 40427
[   82.055903][ T5849] usb 1-1: USB disconnect, device number 2
[   82.073606][   T29] usb 4-1: device descriptor read/64, error -71
[   82.080027][ T6004] F2FS-fs (loop1): invalid crc value
[   82.198226][   T29] usb usb4-port1: attempt power cycle
[   82.351399][ T6004] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   82.405307][ T6004] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   82.488009][ T5848] syz-executor: attempt to access beyond end of device
[   82.488009][ T5848] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   82.519526][ T5848] CPU: 0 UID: 0 PID: 5848 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   82.519548][ T5848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   82.519556][ T5848] Call Trace:
[   82.519563][ T5848]  <TASK>
[   82.519569][ T5848]  dump_stack_lvl+0xe8/0x150
[   82.519596][ T5848]  f2fs_handle_critical_error+0x37c/0x540
[   82.519622][ T5848]  f2fs_write_end_io+0x1274/0x1740
[   82.519658][ T5848]  __submit_merged_bio+0x256/0x700
[   82.519684][ T5848]  __submit_merged_write_cond+0x3c9/0x4e0
[   82.519711][ T5848]  ? __pfx___submit_merged_write_cond+0x10/0x10
[   82.519751][ T5848]  f2fs_write_data_pages+0x287e/0x34f0
[   82.519799][ T5848]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   82.519865][ T5848]  ? kernel_text_address+0xa5/0xe0
[   82.519888][ T5848]  ? __lock_acquire+0x6b5/0x2cf0
[   82.519922][ T5848]  ? __lock_acquire+0x6b5/0x2cf0
[   82.519947][ T5848]  ? do_raw_spin_lock+0x12b/0x2f0
[   82.519974][ T5848]  ? do_raw_spin_unlock+0xf5/0x210
[   82.519992][ T5848]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   82.520015][ T5848]  do_writepages+0x32e/0x550
[   82.520043][ T5848]  ? do_raw_spin_unlock+0xf5/0x210
[   82.520064][ T5848]  filemap_fdatawrite+0x1e9/0x2f0
[   82.520086][ T5848]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   82.520145][ T5848]  ? do_raw_spin_unlock+0xf5/0x210
[   82.520165][ T5848]  f2fs_sync_dirty_inodes+0x30e/0x860
[   82.520199][ T5848]  f2fs_write_checkpoint+0x9df/0x26a0
[   82.520242][ T5848]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   82.520301][ T5848]  kill_f2fs_super+0x314/0x720
[   82.520327][ T5848]  ? __pfx_kill_f2fs_super+0x10/0x10
[   82.520355][ T5848]  ? lockdep_hardirqs_on+0x7a/0x110
[   82.520382][ T5848]  deactivate_locked_super+0xbc/0x130
[   82.520405][ T5848]  cleanup_mnt+0x437/0x4d0
[   82.520419][ T5848]  ? _raw_spin_unlock_irq+0x23/0x50
[   82.520438][ T5848]  task_work_run+0x1d9/0x270
[   82.520457][ T5848]  ? __pfx_task_work_run+0x10/0x10
[   82.520482][ T5848]  exit_to_user_mode_loop+0xed/0x480
[   82.520500][ T5848]  ? rcu_is_watching+0x15/0xb0
[   82.520518][ T5848]  do_syscall_64+0x32d/0xf80
[   82.520534][ T5848]  ? trace_irq_disable+0x3b/0x150
[   82.520550][ T5848]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.520563][ T5848]  ? clear_bhb_loop+0x40/0x90
[   82.520585][ T5848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.520600][ T5848] RIP: 0033:0x7efef759d9d7
[   82.520615][ T5848] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   82.520627][ T5848] RSP: 002b:00007ffff3fd7c98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   82.520643][ T5848] RAX: 0000000000000000 RBX: 00007efef7632050 RCX: 00007efef759d9d7
[   82.520653][ T5848] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff3fd7d50
[   82.520662][ T5848] RBP: 00007ffff3fd7d50 R08: 00007ffff3fd8d50 R09: 00000000ffffffff
[   82.520672][ T5848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff3fd8de0
[   82.520681][ T5848] R13: 00007efef7632050 R14: 00000000000141f0 R15: 00007ffff3fd8e20
[   82.520708][ T5848]  </TASK>
[   82.818072][   T29] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   82.821237][ T5848] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   82.852286][   T29] usb 4-1: device descriptor read/8, error -71
[   83.385805][   T29] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   83.427461][   T29] usb 4-1: device descriptor read/8, error -71
[   83.557500][   T29] usb usb4-port1: unable to enumerate USB device
[   84.193880][ T5857] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   84.266682][ T6068] Bluetooth: MGMT ver 1.23
[   84.285480][ T6068] Bluetooth: hci0: invalid length 0, exp 2 for type 6
[   84.390965][ T5857] usb 2-1: config 0 has an invalid interface number: 238 but max is 0
[   84.419761][ T5857] usb 2-1: config 0 has no interface number 0
[   84.447229][ T5857] usb 2-1: config 0 interface 238 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0
[   84.455675][ T6043] loop2: detected capacity change from 0 to 40427
[   84.458216][ T5857] usb 2-1: config 0 interface 238 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 0
[   84.473837][ T5857] usb 2-1: config 0 interface 238 altsetting 2 endpoint 0x88 has invalid wMaxPacketSize 0
[   84.486722][ T6043] F2FS-fs: heap/no_heap options were deprecated
[   84.500012][ T6043] F2FS-fs (loop2): build fault injection rate: 19
[   84.517401][ T5857] usb 2-1: config 0 interface 238 has no altsetting 0
[   84.523686][ T6043] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[   84.547264][ T6043] F2FS-fs (loop2): invalid crc value
[   84.556824][ T5857] usb 2-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a
[   84.568100][ T6043] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810
[   84.585761][ T5857] usb 2-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160
[   84.613662][ T5857] usb 2-1: Product: syz
[   84.630703][ T5857] usb 2-1: Manufacturer: syz
[   84.657833][ T5857] usb 2-1: SerialNumber: syz
[   84.673378][ T5960] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   84.704344][ T5857] usb 2-1: config 0 descriptor??
[   84.724132][ T6043] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[   84.741051][ T5857] ni6501 2-1:0.238: driver 'ni6501' failed to auto-configure device.
[   84.802050][ T6043] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   84.823795][ T5960] usb 4-1: device descriptor read/64, error -71
[   84.840230][ T6043] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   85.031167][ T6090] netlink: 136 bytes leftover after parsing attributes in process `syz.4.44'.
[   85.045701][ T6043] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060
[   85.078905][ T5960] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   85.097360][ T5959] usb 2-1: USB disconnect, device number 2
[   85.110692][ T6092] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xd80
[   85.153486][   T30] audit: type=1800 audit(1773800085.785:4): pid=6043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.25" name="file1" dev="loop2" ino=14 res=0 errno=0
[   85.263167][ T5960] usb 4-1: device descriptor read/64, error -71
[   85.375618][ T5839] syz-executor: attempt to access beyond end of device
[   85.375618][ T5839] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   85.403773][ T5960] usb usb4-port1: attempt power cycle
[   85.421196][ T5839] CPU: 1 UID: 0 PID: 5839 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   85.421219][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   85.421227][ T5839] Call Trace:
[   85.421234][ T5839]  <TASK>
[   85.421241][ T5839]  dump_stack_lvl+0xe8/0x150
[   85.421270][ T5839]  f2fs_handle_critical_error+0x37c/0x540
[   85.421297][ T5839]  f2fs_write_end_io+0x1274/0x1740
[   85.421338][ T5839]  __submit_merged_bio+0x256/0x700
[   85.421365][ T5839]  __submit_merged_write_cond+0x3c9/0x4e0
[   85.421394][ T5839]  ? __pfx___submit_merged_write_cond+0x10/0x10
[   85.421438][ T5839]  f2fs_write_data_pages+0x287e/0x34f0
[   85.421497][ T5839]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   85.421562][ T5839]  ? kernel_text_address+0xa5/0xe0
[   85.421585][ T5839]  ? __lock_acquire+0x6b5/0x2cf0
[   85.421620][ T5839]  ? __lock_acquire+0x6b5/0x2cf0
[   85.421646][ T5839]  ? do_raw_spin_lock+0x12b/0x2f0
[   85.421676][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   85.421696][ T5839]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   85.421718][ T5839]  do_writepages+0x32e/0x550
[   85.421748][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   85.421772][ T5839]  filemap_fdatawrite+0x1e9/0x2f0
[   85.421794][ T5839]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   85.421860][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   85.421883][ T5839]  f2fs_sync_dirty_inodes+0x30e/0x860
[   85.421922][ T5839]  f2fs_write_checkpoint+0x9df/0x26a0
[   85.421972][ T5839]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   85.422044][ T5839]  kill_f2fs_super+0x314/0x720
[   85.422071][ T5839]  ? __pfx_kill_f2fs_super+0x10/0x10
[   85.422113][ T5839]  ? lockdep_hardirqs_on+0x7a/0x110
[   85.422146][ T5839]  deactivate_locked_super+0xbc/0x130
[   85.422171][ T5839]  cleanup_mnt+0x437/0x4d0
[   85.422186][ T5839]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.422207][ T5839]  task_work_run+0x1d9/0x270
[   85.422229][ T5839]  ? __pfx_task_work_run+0x10/0x10
[   85.422260][ T5839]  exit_to_user_mode_loop+0xed/0x480
[   85.422278][ T5839]  ? rcu_is_watching+0x15/0xb0
[   85.422300][ T5839]  do_syscall_64+0x32d/0xf80
[   85.422316][ T5839]  ? trace_irq_disable+0x3b/0x150
[   85.422333][ T5839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.422349][ T5839]  ? clear_bhb_loop+0x40/0x90
[   85.422368][ T5839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.422383][ T5839] RIP: 0033:0x7f69b019d9d7
[   85.422399][ T5839] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   85.422410][ T5839] RSP: 002b:00007fff36a59c08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   85.422427][ T5839] RAX: 0000000000000000 RBX: 00007f69b0232050 RCX: 00007f69b019d9d7
[   85.422437][ T5839] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff36a59cc0
[   85.422449][ T5839] RBP: 00007fff36a59cc0 R08: 00007fff36a5acc0 R09: 00000000ffffffff
[   85.422458][ T5839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff36a5ad50
[   85.422467][ T5839] R13: 00007f69b0232050 R14: 0000000000014c8d R15: 00007fff36a5ad90
[   85.422497][ T5839]  </TASK>
[   85.484404][ T5839] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   85.966849][ T6105] =======================================================
[   85.966849][ T6105] WARNING: The mand mount option has been deprecated and
[   85.966849][ T6105]          and is ignored by this kernel. Remove the mand
[   85.966849][ T6105]          option from the mount to silence this warning.
[   85.966849][ T6105] =======================================================
[   86.013621][ T5960] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[   86.029035][ T6109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.53'.
[   86.043981][ T5960] usb 4-1: device descriptor read/8, error -71
[   86.293098][ T5960] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[   86.336332][ T5960] usb 4-1: device descriptor read/8, error -71
[   86.443615][ T5960] usb usb4-port1: unable to enumerate USB device
[   86.621447][ T6128] netlink: 'syz.2.62': attribute type 4 has an invalid length.
[   86.744864][ T6121] loop1: detected capacity change from 0 to 40427
[   86.760879][ T6121] F2FS-fs: heap/no_heap options were deprecated
[   86.770319][ T6121] F2FS-fs (loop1): build fault injection rate: 19
[   86.782247][ T6121] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[   86.799453][ T6121] F2FS-fs (loop1): invalid crc value
[   86.832271][ T6121] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810
[   87.250596][ T6121] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[   87.292096][ T6121] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   87.323860][ T6121] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   87.345868][ T6141] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   87.377080][ T6141] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   87.392643][ T6121] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060
[   87.443753][   T30] audit: type=1326 audit(1773800088.075:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6140 comm="syz.4.66" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5ab299c799 code=0x0
[   87.446845][ T6121] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xd80
[   87.551891][   T30] audit: type=1800 audit(1773800088.185:6): pid=6121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.58" name="file1" dev="loop1" ino=14 res=0 errno=0
[   87.724428][ T5848] syz-executor: attempt to access beyond end of device
[   87.724428][ T5848] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   87.740381][ T5848] CPU: 0 UID: 0 PID: 5848 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   87.740402][ T5848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   87.740410][ T5848] Call Trace:
[   87.740417][ T5848]  <TASK>
[   87.740423][ T5848]  dump_stack_lvl+0xe8/0x150
[   87.740452][ T5848]  f2fs_handle_critical_error+0x37c/0x540
[   87.740479][ T5848]  f2fs_write_end_io+0x1274/0x1740
[   87.740522][ T5848]  __submit_merged_bio+0x256/0x700
[   87.740549][ T5848]  __submit_merged_write_cond+0x3c9/0x4e0
[   87.740579][ T5848]  ? __pfx___submit_merged_write_cond+0x10/0x10
[   87.740623][ T5848]  f2fs_write_data_pages+0x287e/0x34f0
[   87.740682][ T5848]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   87.740717][ T5848]  ? __pfx_css_rstat_updated+0x10/0x10
[   87.740770][ T5848]  ? mod_memcg_lruvec_state+0x208/0x220
[   87.740794][ T5848]  ? __lock_acquire+0x6b5/0x2cf0
[   87.740831][ T5848]  ? __lock_acquire+0x6b5/0x2cf0
[   87.740857][ T5848]  ? do_raw_spin_lock+0x12b/0x2f0
[   87.740887][ T5848]  ? do_raw_spin_unlock+0xf5/0x210
[   87.740913][ T5848]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   87.740936][ T5848]  do_writepages+0x32e/0x550
[   87.740966][ T5848]  ? do_raw_spin_unlock+0xf5/0x210
[   87.740989][ T5848]  filemap_fdatawrite+0x1e9/0x2f0
[   87.741012][ T5848]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   87.741073][ T5848]  ? do_raw_spin_unlock+0xf5/0x210
[   87.741096][ T5848]  f2fs_sync_dirty_inodes+0x30e/0x860
[   87.741131][ T5848]  f2fs_write_checkpoint+0x9df/0x26a0
[   87.741173][ T5848]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   87.741234][ T5848]  kill_f2fs_super+0x314/0x720
[   87.741261][ T5848]  ? __pfx_kill_f2fs_super+0x10/0x10
[   87.741291][ T5848]  ? lockdep_hardirqs_on+0x7a/0x110
[   87.741322][ T5848]  deactivate_locked_super+0xbc/0x130
[   87.741343][ T5848]  cleanup_mnt+0x437/0x4d0
[   87.741356][ T5848]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.741375][ T5848]  task_work_run+0x1d9/0x270
[   87.741397][ T5848]  ? __pfx_task_work_run+0x10/0x10
[   87.741425][ T5848]  exit_to_user_mode_loop+0xed/0x480
[   87.741443][ T5848]  ? rcu_is_watching+0x15/0xb0
[   87.741462][ T5848]  do_syscall_64+0x32d/0xf80
[   87.741478][ T5848]  ? trace_irq_disable+0x3b/0x150
[   87.741495][ T5848]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.741510][ T5848]  ? clear_bhb_loop+0x40/0x90
[   87.741527][ T5848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.741541][ T5848] RIP: 0033:0x7efef759d9d7
[   87.741560][ T5848] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   87.741571][ T5848] RSP: 002b:00007ffff3fd7c98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   87.741587][ T5848] RAX: 0000000000000000 RBX: 00007efef7632050 RCX: 00007efef759d9d7
[   87.741596][ T5848] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff3fd7d50
[   87.741605][ T5848] RBP: 00007ffff3fd7d50 R08: 00007ffff3fd8d50 R09: 00000000ffffffff
[   87.741614][ T5848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff3fd8de0
[   87.741621][ T5848] R13: 00007efef7632050 R14: 0000000000015601 R15: 00007ffff3fd8e20
[   87.741649][ T5848]  </TASK>
[   87.742140][ T5848] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   88.831818][ T6179] netlink: 'syz.3.83': attribute type 4 has an invalid length.
[   88.943237][  T808] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   89.094436][  T808] usb 5-1: device descriptor read/64, error -71
[   89.434806][  T808] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   89.983761][  T808] usb 5-1: device descriptor read/64, error -71
[   90.103675][  T808] usb usb5-port1: attempt power cycle
[   90.306504][ T6178] loop2: detected capacity change from 0 to 40427
[   90.347599][ T6178] F2FS-fs: heap/no_heap options were deprecated
[   90.400624][ T6178] F2FS-fs (loop2): build fault injection rate: 19
[   90.436644][ T6178] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[   90.456153][  T808] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   90.480217][ T6178] F2FS-fs (loop2): invalid crc value
[   90.515169][  T808] usb 5-1: device descriptor read/8, error -71
[   90.554760][ T6178] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810
[   90.885668][ T6178] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[   90.942434][  T808] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   90.958929][ T6178] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   90.993816][  T808] usb 5-1: device descriptor read/8, error -71
[   91.001775][ T6178] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   91.173464][  T808] usb usb5-port1: unable to enumerate USB device
[   91.368162][ T6178] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060
[   91.400479][ T6212] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xd80
[   91.426073][   T30] audit: type=1800 audit(1773800092.065:7): pid=6178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.82" name="file1" dev="loop2" ino=14 res=0 errno=0
[   91.493427][ T5839] syz-executor: attempt to access beyond end of device
[   91.493427][ T5839] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   91.516469][ T5839] CPU: 1 UID: 0 PID: 5839 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   91.516499][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   91.516507][ T5839] Call Trace:
[   91.516514][ T5839]  <TASK>
[   91.516522][ T5839]  dump_stack_lvl+0xe8/0x150
[   91.516549][ T5839]  f2fs_handle_critical_error+0x37c/0x540
[   91.516577][ T5839]  f2fs_write_end_io+0x1274/0x1740
[   91.516618][ T5839]  __submit_merged_bio+0x256/0x700
[   91.516644][ T5839]  __submit_merged_write_cond+0x3c9/0x4e0
[   91.516672][ T5839]  ? __pfx___submit_merged_write_cond+0x10/0x10
[   91.516713][ T5839]  f2fs_write_data_pages+0x287e/0x34f0
[   91.516767][ T5839]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   91.516826][ T5839]  ? kernel_text_address+0xa5/0xe0
[   91.516851][ T5839]  ? __lock_acquire+0x6b5/0x2cf0
[   91.516887][ T5839]  ? __lock_acquire+0x6b5/0x2cf0
[   91.516912][ T5839]  ? do_raw_spin_lock+0x12b/0x2f0
[   91.516941][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   91.516959][ T5839]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   91.516981][ T5839]  do_writepages+0x32e/0x550
[   91.517009][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   91.517034][ T5839]  filemap_fdatawrite+0x1e9/0x2f0
[   91.517056][ T5839]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   91.517115][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   91.517138][ T5839]  f2fs_sync_dirty_inodes+0x30e/0x860
[   91.517173][ T5839]  f2fs_write_checkpoint+0x9df/0x26a0
[   91.517219][ T5839]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   91.517283][ T5839]  kill_f2fs_super+0x314/0x720
[   91.517311][ T5839]  ? __pfx_kill_f2fs_super+0x10/0x10
[   91.517344][ T5839]  ? lockdep_hardirqs_on+0x7a/0x110
[   91.517375][ T5839]  deactivate_locked_super+0xbc/0x130
[   91.517398][ T5839]  cleanup_mnt+0x437/0x4d0
[   91.517413][ T5839]  ? _raw_spin_unlock_irq+0x23/0x50
[   91.517433][ T5839]  task_work_run+0x1d9/0x270
[   91.517455][ T5839]  ? __pfx_task_work_run+0x10/0x10
[   91.517489][ T5839]  exit_to_user_mode_loop+0xed/0x480
[   91.517509][ T5839]  ? rcu_is_watching+0x15/0xb0
[   91.517530][ T5839]  do_syscall_64+0x32d/0xf80
[   91.517547][ T5839]  ? trace_irq_disable+0x3b/0x150
[   91.517563][ T5839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.517578][ T5839]  ? clear_bhb_loop+0x40/0x90
[   91.517598][ T5839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.517612][ T5839] RIP: 0033:0x7f69b019d9d7
[   91.517627][ T5839] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   91.517639][ T5839] RSP: 002b:00007fff36a59c08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   91.517655][ T5839] RAX: 0000000000000000 RBX: 00007f69b0232050 RCX: 00007f69b019d9d7
[   91.517665][ T5839] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff36a59cc0
[   91.517674][ T5839] RBP: 00007fff36a59cc0 R08: 00007fff36a5acc0 R09: 00000000ffffffff
[   91.517685][ T5839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff36a5ad50
[   91.517694][ T5839] R13: 00007f69b0232050 R14: 0000000000016522 R15: 00007fff36a5ad90
[   91.517727][ T5839]  </TASK>
[   91.517963][ T5839] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   93.010022][   T30] audit: type=1326 audit(1773800093.645:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6231 comm="syz.4.102" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5ab299c799 code=0x0
[   93.905893][ T5959] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   94.063468][  T808] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   94.084905][ T5959] usb 1-1: Using ep0 maxpacket: 16
[   94.100828][ T5959] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   94.132206][ T5959] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   94.155791][ T5959] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   94.155817][ T5959] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.155834][ T5959] usb 1-1: Product: syz
[   94.155847][ T5959] usb 1-1: Manufacturer: syz
[   94.155861][ T5959] usb 1-1: SerialNumber: syz
[   94.168209][ T5959] usb 1-1: 0:2 : does not exist
[   94.243276][  T808] usb 2-1: device descriptor read/64, error -71
[   94.308620][ T6244] loop2: detected capacity change from 0 to 40427
[   94.316019][ T6244] F2FS-fs: heap/no_heap options were deprecated
[   94.326646][ T6244] F2FS-fs (loop2): build fault injection rate: 19
[   94.333189][ T6244] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[   94.341064][ T6244] F2FS-fs (loop2): invalid crc value
[   94.375610][ T5959] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[   94.398582][ T6244] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810
[   94.471435][ T6244] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[   94.486066][  T808] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   94.515979][ T6244] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   94.526663][ T6244] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   94.533778][ T5959] usb 1-1: USB disconnect, device number 3
[   94.567691][ T6244] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060
[   94.609959][ T6244] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xd80
[   94.624818][   T30] audit: type=1800 audit(1773800095.265:9): pid=6244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.106" name="file1" dev="loop2" ino=14 res=0 errno=0
[   94.646298][  T808] usb 2-1: device descriptor read/64, error -71
[   94.699933][ T5839] syz-executor: attempt to access beyond end of device
[   94.699933][ T5839] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   94.714422][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   94.714444][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   94.714452][ T5839] Call Trace:
[   94.714458][ T5839]  <TASK>
[   94.714465][ T5839]  dump_stack_lvl+0xe8/0x150
[   94.714494][ T5839]  f2fs_handle_critical_error+0x37c/0x540
[   94.714522][ T5839]  f2fs_write_end_io+0x1274/0x1740
[   94.714565][ T5839]  __submit_merged_bio+0x256/0x700
[   94.714599][ T5839]  __submit_merged_write_cond+0x3c9/0x4e0
[   94.714630][ T5839]  ? __pfx___submit_merged_write_cond+0x10/0x10
[   94.714675][ T5839]  f2fs_write_data_pages+0x287e/0x34f0
[   94.714735][ T5839]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   94.714811][ T5839]  ? __lock_acquire+0x6b5/0x2cf0
[   94.714849][ T5839]  ? __lock_acquire+0x6b5/0x2cf0
[   94.714875][ T5839]  ? do_raw_spin_lock+0x12b/0x2f0
[   94.714905][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   94.714924][ T5839]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   94.714946][ T5839]  do_writepages+0x32e/0x550
[   94.714976][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   94.714999][ T5839]  filemap_fdatawrite+0x1e9/0x2f0
[   94.715022][ T5839]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   94.715087][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   94.715109][ T5839]  f2fs_sync_dirty_inodes+0x30e/0x860
[   94.715147][ T5839]  f2fs_write_checkpoint+0x9df/0x26a0
[   94.715197][ T5839]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   94.715268][ T5839]  kill_f2fs_super+0x314/0x720
[   94.715297][ T5839]  ? __pfx_kill_f2fs_super+0x10/0x10
[   94.715333][ T5839]  ? lockdep_hardirqs_on+0x7a/0x110
[   94.715366][ T5839]  deactivate_locked_super+0xbc/0x130
[   94.715390][ T5839]  cleanup_mnt+0x437/0x4d0
[   94.715406][ T5839]  ? _raw_spin_unlock_irq+0x23/0x50
[   94.715427][ T5839]  task_work_run+0x1d9/0x270
[   94.715450][ T5839]  ? __pfx_task_work_run+0x10/0x10
[   94.715480][ T5839]  exit_to_user_mode_loop+0xed/0x480
[   94.715499][ T5839]  ? rcu_is_watching+0x15/0xb0
[   94.715524][ T5839]  do_syscall_64+0x32d/0xf80
[   94.715541][ T5839]  ? trace_irq_disable+0x3b/0x150
[   94.715558][ T5839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.715573][ T5839]  ? clear_bhb_loop+0x40/0x90
[   94.715599][ T5839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.715614][ T5839] RIP: 0033:0x7f69b019d9d7
[   94.715630][ T5839] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   94.715642][ T5839] RSP: 002b:00007fff36a59c08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   94.715658][ T5839] RAX: 0000000000000000 RBX: 00007f69b0232050 RCX: 00007f69b019d9d7
[   94.715668][ T5839] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff36a59cc0
[   94.715677][ T5839] RBP: 00007fff36a59cc0 R08: 00007fff36a5acc0 R09: 00000000ffffffff
[   94.715687][ T5839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff36a5ad50
[   94.715696][ T5839] R13: 00007f69b0232050 R14: 00000000000171a8 R15: 00007fff36a5ad90
[   94.715726][ T5839]  </TASK>
[   94.715950][ T5839] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   94.763409][  T808] usb usb2-port1: attempt power cycle
[   95.563212][  T808] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   95.607955][  T808] usb 2-1: device descriptor read/8, error -71
[   95.649968][ T6283] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   95.776690][ T6283] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   95.811248][   T30] audit: type=1326 audit(1773800096.445:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6282 comm="syz.4.121" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5ab299c799 code=0x0
[   96.393522][  T808] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   96.515008][  T808] usb 2-1: device descriptor read/8, error -71
[   96.626900][  T808] usb usb2-port1: unable to enumerate USB device
[   97.934996][ T6294] loop2: detected capacity change from 0 to 40427
[   97.955186][ T6294] F2FS-fs: heap/no_heap options were deprecated
[   98.003089][ T5960] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   98.010836][ T6294] F2FS-fs (loop2): build fault injection rate: 19
[   98.024085][ T6294] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[   98.060202][ T6294] F2FS-fs (loop2): invalid crc value
[   98.161267][ T6294] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x9d8/0x1810
[   98.212018][ T5960] usb 1-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[   98.240077][ T5960] usb 1-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   98.328818][ T5960] usb 1-1: config 1 interface 0 has no altsetting 0
[   98.355206][ T5960] usb 1-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[   98.385046][ T5960] usb 1-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[   98.397750][ T5960] usb 1-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊즮
[   98.424833][ T5960] usb 1-1: Manufacturer: syz
[   98.462851][ T6294] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x221/0x410
[   98.487440][ T6294] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   98.519838][ T6294] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   98.557538][ T6294] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_get_dnode_of_data+0x911/0x2060
[   98.570913][ T6294] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x3ad/0xd80
[   98.586548][   T30] audit: type=1800 audit(1773800099.225:11): pid=6294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.125" name="file1" dev="loop2" ino=14 res=0 errno=0
[   98.628809][ T5839] syz-executor: attempt to access beyond end of device
[   98.628809][ T5839] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   98.652419][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   98.652442][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   98.652451][ T5839] Call Trace:
[   98.652456][ T5839]  <TASK>
[   98.652463][ T5839]  dump_stack_lvl+0xe8/0x150
[   98.652491][ T5839]  f2fs_handle_critical_error+0x37c/0x540
[   98.652521][ T5839]  f2fs_write_end_io+0x1274/0x1740
[   98.652561][ T5839]  __submit_merged_bio+0x256/0x700
[   98.652586][ T5839]  __submit_merged_write_cond+0x3c9/0x4e0
[   98.652613][ T5839]  ? __pfx___submit_merged_write_cond+0x10/0x10
[   98.652656][ T5839]  f2fs_write_data_pages+0x287e/0x34f0
[   98.652708][ T5839]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   98.652743][ T5839]  ? __pfx_css_rstat_updated+0x10/0x10
[   98.652793][ T5839]  ? mod_memcg_lruvec_state+0x208/0x220
[   98.652816][ T5839]  ? __lock_acquire+0x6b5/0x2cf0
[   98.652854][ T5839]  ? __lock_acquire+0x6b5/0x2cf0
[   98.652877][ T5839]  ? do_raw_spin_lock+0x12b/0x2f0
[   98.652905][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   98.652922][ T5839]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   98.652944][ T5839]  do_writepages+0x32e/0x550
[   98.652973][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   98.652995][ T5839]  filemap_fdatawrite+0x1e9/0x2f0
[   98.653016][ T5839]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   98.653075][ T5839]  ? do_raw_spin_unlock+0xf5/0x210
[   98.653098][ T5839]  f2fs_sync_dirty_inodes+0x30e/0x860
[   98.653137][ T5839]  f2fs_write_checkpoint+0x9df/0x26a0
[   98.653194][ T5839]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   98.653266][ T5839]  kill_f2fs_super+0x314/0x720
[   98.653295][ T5839]  ? __pfx_kill_f2fs_super+0x10/0x10
[   98.653329][ T5839]  ? lockdep_hardirqs_on+0x7a/0x110
[   98.653363][ T5839]  deactivate_locked_super+0xbc/0x130
[   98.653386][ T5839]  cleanup_mnt+0x437/0x4d0
[   98.653402][ T5839]  ? _raw_spin_unlock_irq+0x23/0x50
[   98.653422][ T5839]  task_work_run+0x1d9/0x270
[   98.653444][ T5839]  ? __pfx_task_work_run+0x10/0x10
[   98.653472][ T5839]  exit_to_user_mode_loop+0xed/0x480
[   98.653492][ T5839]  ? rcu_is_watching+0x15/0xb0
[   98.653512][ T5839]  do_syscall_64+0x32d/0xf80
[   98.653529][ T5839]  ? trace_irq_disable+0x3b/0x150
[   98.653546][ T5839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.653562][ T5839]  ? clear_bhb_loop+0x40/0x90
[   98.653581][ T5839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.653596][ T5839] RIP: 0033:0x7f69b019d9d7
[   98.653612][ T5839] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   98.653623][ T5839] RSP: 002b:00007fff36a59c08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   98.653640][ T5839] RAX: 0000000000000000 RBX: 00007f69b0232050 RCX: 00007f69b019d9d7
[   98.653650][ T5839] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff36a59cc0
[   98.653660][ T5839] RBP: 00007fff36a59cc0 R08: 00007fff36a5acc0 R09: 00000000ffffffff
[   98.653669][ T5839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff36a5ad50
[   98.653679][ T5839] R13: 00007f69b0232050 R14: 000000000001811f R15: 00007fff36a5ad90
[   98.653707][ T5839]  </TASK>
[   98.966543][ T5839] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   99.969939][ T5960] usbhid 1-1:1.0: couldn't find an input interrupt endpoint
[  100.003966][ T5960] usb 1-1: USB disconnect, device number 4
[  101.764888][ T5960] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  101.953338][ T5960] usb 2-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  101.987181][ T5960] usb 2-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  102.024491][ T5960] usb 2-1: config 1 interface 0 has no altsetting 0
[  102.049611][ T5960] usb 2-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  102.071203][ T5960] usb 2-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  102.105719][ T5960] usb 2-1: Product: Ќ
[  102.124183][ T5960] usb 2-1: Manufacturer: syz
[  102.526540][ T5960] usbhid 2-1:1.0: couldn't find an input interrupt endpoint
[  102.581904][ T5960] usb 2-1: USB disconnect, device number 7
[  103.500033][ T6504] Zero length message leads to an empty skb
[  104.222797][ T6526] netlink: 40 bytes leftover after parsing attributes in process `syz.4.214'.
[  104.893098][   T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  105.070092][ T6532] Bluetooth: hci0: invalid length 0, exp 2 for type 6
[  105.089707][   T10] usb 2-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  105.125898][   T10] usb 2-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  105.187058][   T10] usb 2-1: config 1 interface 0 has no altsetting 0
[  105.279525][   T10] usb 2-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  105.312357][   T10] usb 2-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  105.351756][   T10] usb 2-1: Product: Ќ
[  105.367495][   T10] usb 2-1: Manufacturer: syz
[  106.998079][   T10] usbhid 2-1:1.0: couldn't find an input interrupt endpoint
[  107.060171][   T10] usb 2-1: USB disconnect, device number 8
[  107.287720][   T30] audit: type=1326 audit(1773800107.925:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6560 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  107.357781][   T30] audit: type=1326 audit(1773800107.955:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6560 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  107.448083][   T30] audit: type=1326 audit(1773800107.955:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6560 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  107.512350][   T30] audit: type=1326 audit(1773800107.955:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6560 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  107.564860][   T30] audit: type=1326 audit(1773800107.955:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6560 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  107.641574][   T30] audit: type=1326 audit(1773800107.955:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6560 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  107.760270][   T30] audit: type=1326 audit(1773800107.955:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6560 comm="syz.3.235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  110.072583][ T6610] binder: 6609:6610 ioctl 4018620d 0 returned -22
[  110.626288][ T6623] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  110.751257][ T6623] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  110.790980][   T30] audit: type=1326 audit(1773800111.425:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.0.262" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5b6bb9c799 code=0x0
[  111.694621][ T6644] netlink: 'syz.4.269': attribute type 4 has an invalid length.
[  111.825809][ T6650] netlink: 28 bytes leftover after parsing attributes in process `syz.2.273'.
[  112.139209][ T6659] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  112.167534][ T6659] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  112.209688][   T30] audit: type=1326 audit(1773800112.845:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6658 comm="syz.0.277" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5b6bb9c799 code=0x0
[  112.504420][   T29] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  112.675786][   T29] usb 2-1: Using ep0 maxpacket: 16
[  112.798170][   T29] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  112.815784][   T29] usb 2-1: New USB device found, idVendor=110a, idProduct=1653, bcdDevice=5e.a7
[  112.826715][   T29] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.362777][   T29] usb 2-1: Product: syz
[  113.377723][   T29] usb 2-1: Manufacturer: syz
[  113.390192][   T29] usb 2-1: SerialNumber: syz
[  113.440330][   T29] usb 2-1: config 0 descriptor??
[  113.665138][   T29] mxuport 2-1:0.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  113.706836][   T29] mxuport 2-1:0.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  113.731393][   T29] mxuport 2-1:0.0: probe with driver mxuport failed with error -71
[  113.775768][   T29] usb 2-1: USB disconnect, device number 9
[  114.283496][   T10] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  114.453190][   T10] usb 1-1: Using ep0 maxpacket: 16
[  114.478418][   T10] usb 1-1: config 0 has no interfaces?
[  114.599031][   T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  115.122406][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.143914][   T10] usb 1-1: Product: syz
[  115.156393][   T10] usb 1-1: Manufacturer: syz
[  115.173393][   T10] usb 1-1: SerialNumber: syz
[  115.206385][   T10] r8152-cfgselector 1-1: Unknown version 0x0000
[  115.216113][   T10] r8152-cfgselector 1-1: config 0 descriptor??
[  115.247468][ T6713] netlink: 28 bytes leftover after parsing attributes in process `syz.2.298'.
[  115.396257][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  115.576647][   T10] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  115.595868][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.622618][   T10] usb 5-1: Product: syz
[  115.635194][   T10] usb 5-1: Manufacturer: syz
[  115.650499][   T10] usb 5-1: SerialNumber: syz
[  115.667709][   T10] usb 5-1: config 0 descriptor??
[  116.340264][ T6741] netlink: 28 bytes leftover after parsing attributes in process `syz.1.312'.
[  116.611868][   T10] usb 5-1: Firmware version (0.0) predates our first public release.
[  116.620109][   T10] usb 5-1: Please update to version 0.2 or newer
[  117.329616][   T10] usb 5-1: USB disconnect, device number 6
[  117.381036][ T5849] r8152-cfgselector 1-1: USB disconnect, device number 5
[  117.742958][ T6778] netlink: 28 bytes leftover after parsing attributes in process `syz.2.326'.
[  118.964147][   T30] audit: type=1326 audit(1773800119.595:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6801 comm="syz.2.334" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f69b019c799 code=0x0
[  119.066977][ T6806] netlink: 28 bytes leftover after parsing attributes in process `syz.1.337'.
[  119.458313][   T30] audit: type=1326 audit(1773800120.095:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.1.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef759c799 code=0x7ffc0000
[  119.631417][   T30] audit: type=1326 audit(1773800120.115:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.1.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef759c799 code=0x7ffc0000
[  120.140802][   T30] audit: type=1326 audit(1773800120.125:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.1.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef759c799 code=0x7ffc0000
[  120.224751][   T30] audit: type=1326 audit(1773800120.125:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.1.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef759c799 code=0x7ffc0000
[  120.395701][   T30] audit: type=1326 audit(1773800120.135:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.1.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7efef759c799 code=0x7ffc0000
[  120.435446][   T30] audit: type=1326 audit(1773800120.135:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.1.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef759c799 code=0x7ffc0000
[  120.541592][   T30] audit: type=1326 audit(1773800120.135:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.1.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efef759c799 code=0x7ffc0000
[  120.597385][ T6838] netlink: 28 bytes leftover after parsing attributes in process `syz.4.350'.
[  120.637329][   T30] audit: type=1326 audit(1773800120.135:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.1.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7efef759c799 code=0x7ffc0000
[  120.725948][   T30] audit: type=1326 audit(1773800120.135:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6821 comm="syz.1.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7efef759c799 code=0x7ffc0000
[  120.899356][ T6844] netlink: 8 bytes leftover after parsing attributes in process `syz.4.352'.
[  121.131090][ T6844] bond1: entered allmulticast mode
[  121.172733][ T6844] 8021q: adding VLAN 0 to HW filter on device bond1
[  121.223282][ T5849] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  121.396346][ T5849] usb 4-1: Using ep0 maxpacket: 8
[  121.416994][ T5849] usb 4-1: no configurations
[  121.421646][ T5849] usb 4-1: can't read configurations, error -22
[  121.563178][ T5849] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  121.583159][   T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  121.634635][ T6861] netlink: 'syz.1.359': attribute type 4 has an invalid length.
[  121.713614][ T5849] usb 4-1: Using ep0 maxpacket: 8
[  121.726041][ T5849] usb 4-1: no configurations
[  121.732169][ T5849] usb 4-1: can't read configurations, error -22
[  121.745076][ T5849] usb usb4-port1: attempt power cycle
[  121.747461][   T10] usb 5-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  121.787537][   T10] usb 5-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  122.098303][   T10] usb 5-1: config 1 interface 0 has no altsetting 0
[  122.119774][   T10] usb 5-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  122.131957][   T10] usb 5-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  122.151000][   T10] usb 5-1: Product: Ќ
[  122.159356][   T10] usb 5-1: Manufacturer: syz
[  122.363112][ T5849] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  122.394386][ T5849] usb 4-1: Using ep0 maxpacket: 8
[  122.416407][ T5849] usb 4-1: no configurations
[  122.443685][ T5849] usb 4-1: can't read configurations, error -22
[  122.566469][   T10] usbhid 5-1:1.0: couldn't find an input interrupt endpoint
[  122.603547][   T10] usb 5-1: USB disconnect, device number 7
[  122.755253][ T6889] netlink: 'syz.1.370': attribute type 4 has an invalid length.
[  122.760930][ T5849] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  122.784531][ T5849] usb 4-1: Using ep0 maxpacket: 8
[  122.803620][ T5849] usb 4-1: no configurations
[  122.808395][ T5849] usb 4-1: can't read configurations, error -22
[  122.822189][ T5849] usb usb4-port1: unable to enumerate USB device
[  123.885985][ T6921] netlink: 32 bytes leftover after parsing attributes in process `syz.1.384'.
[  124.832882][ T6937] netlink: 'syz.3.390': attribute type 4 has an invalid length.
[  125.216010][ T5960] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  125.531781][ T5960] usb 4-1: Using ep0 maxpacket: 8
[  125.624637][ T5960] usb 4-1: no configurations
[  125.658031][ T5960] usb 4-1: can't read configurations, error -22
[  125.826152][ T5960] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  126.178899][ T6976] vxcan1: tx drop: invalid sa for name 0x0000000000000002
[  126.569774][ T5960] usb 4-1: Using ep0 maxpacket: 8
[  126.576408][ T5960] usb 4-1: no configurations
[  126.592591][ T5960] usb 4-1: can't read configurations, error -22
[  126.609491][ T5960] usb usb4-port1: attempt power cycle
[  127.563196][ T5960] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  127.587618][ T6984] netlink: 'syz.0.408': attribute type 4 has an invalid length.
[  127.645082][ T5960] usb 4-1: Using ep0 maxpacket: 8
[  127.665970][ T5960] usb 4-1: no configurations
[  127.682324][ T5960] usb 4-1: can't read configurations, error -22
[  127.836158][ T5960] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  127.896243][ T5960] usb 4-1: Using ep0 maxpacket: 8
[  127.909033][ T5960] usb 4-1: no configurations
[  127.917238][ T5960] usb 4-1: can't read configurations, error -22
[  127.927790][ T5960] usb usb4-port1: unable to enumerate USB device
[  129.312473][ T7018] netlink: 28 bytes leftover after parsing attributes in process `syz.0.423'.
[  129.530413][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  129.530428][   T30] audit: type=1326 audit(1773800130.165:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7020 comm="syz.2.424" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f69b019c799 code=0x0
[  129.687415][ T5959] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  130.133199][ T5959] usb 2-1: Using ep0 maxpacket: 8
[  130.139296][ T5959] usb 2-1: no configurations
[  130.151611][ T5959] usb 2-1: can't read configurations, error -22
[  130.295595][ T5959] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  130.483508][ T5959] usb 2-1: Using ep0 maxpacket: 8
[  130.992983][ T5959] usb 2-1: no configurations
[  130.998446][ T5959] usb 2-1: can't read configurations, error -22
[  131.005409][ T5959] usb usb2-port1: attempt power cycle
[  131.644860][ T5959] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  131.684076][ T5959] usb 2-1: Using ep0 maxpacket: 8
[  131.697415][ T5959] usb 2-1: no configurations
[  131.715370][ T5959] usb 2-1: can't read configurations, error -22
[  132.173370][ T5959] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  132.223653][ T5959] usb 2-1: Using ep0 maxpacket: 8
[  132.234490][ T5959] usb 2-1: no configurations
[  132.259574][ T5959] usb 2-1: can't read configurations, error -22
[  132.294897][ T5959] usb usb2-port1: unable to enumerate USB device
[  132.463448][ T7085] netlink: 8 bytes leftover after parsing attributes in process `syz.2.450'.
[  132.507765][ T7083] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  132.557084][ T7083] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  132.558831][   T30] audit: type=1326 audit(1773800133.195:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7082 comm="syz.0.449" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5b6bb9c799 code=0x0
[  132.685090][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[  132.691454][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[  134.123179][ T5849] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  134.369896][ T5849] usb 2-1: Using ep0 maxpacket: 16
[  134.391591][ T5849] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  134.409973][ T5849] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  134.431720][ T5849] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  134.966960][ T5849] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  134.982738][ T5849] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  134.993058][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.003097][ T5849] usb 2-1: Product: syz
[  135.007290][ T5849] usb 2-1: Manufacturer: syz
[  135.012343][ T5849] usb 2-1: SerialNumber: syz
[  137.296495][ T5849] usb 2-1: 0:2 : does not exist
[  137.517993][ T5849] usb 2-1: USB disconnect, device number 14
[  137.690023][ T5863] udevd[5863]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  137.965119][ T7184] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  137.991807][ T7184] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  138.016064][   T30] audit: type=1326 audit(1773800138.655:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7183 comm="syz.2.490" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f69b019c799 code=0x0
[  138.406304][ T7199] binder: 7198:7199 ioctl 4018620d 0 returned -22
[  139.647044][ T7221] Bluetooth: hci0: invalid length 0, exp 2 for type 6
[  140.965592][ T7251] netlink: 'syz.1.517': attribute type 4 has an invalid length.
[  141.617299][ T7281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.530'.
[  141.811839][ T7285] netlink: 'syz.3.532': attribute type 4 has an invalid length.
[  142.893127][ T5960] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  143.107151][ T5960] usb 5-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  143.142397][ T5960] usb 5-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  143.171120][ T5960] usb 5-1: config 1 interface 0 has no altsetting 0
[  143.185239][ T5960] usb 5-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  143.205215][ T5960] usb 5-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  143.230472][ T5960] usb 5-1: Manufacturer: syz
[  143.239090][ T5960] usb 5-1: SerialNumber: Ќ
[  143.262471][ T7320] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  143.284652][ T7320] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  143.309067][   T30] audit: type=1326 audit(1773800143.945:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7319 comm="syz.2.548" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f69b019c799 code=0x0
[  143.708804][ T5960] usbhid 5-1:1.0: couldn't find an input interrupt endpoint
[  143.740053][ T5960] usb 5-1: USB disconnect, device number 8
[  144.112406][ T7338] binder: 7337:7338 ioctl 4018620d 0 returned -22
[  144.310791][ T7344] Bluetooth: hci0: invalid length 0, exp 2 for type 6
[  145.805994][ T7369] binder: 7368:7369 ioctl 4018620d 0 returned -22
[  146.313233][ T5959] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  146.389228][ T7390] netlink: 8 bytes leftover after parsing attributes in process `syz.2.580'.
[  146.507940][ T5959] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  146.548777][ T5959] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  146.614975][ T5959] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a
[  146.632198][ T5959] usb 5-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160
[  146.665460][ T5959] usb 5-1: Product: syz
[  146.698440][ T5959] usb 5-1: Manufacturer: syz
[  146.741464][ T5959] usb 5-1: SerialNumber: syz
[  147.127724][ T5959] usb 5-1: config 0 descriptor??
[  147.361181][ T5931] usb 5-1: USB disconnect, device number 9
[  149.744544][ T5960] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  149.747267][ T7453] netlink: 'syz.0.601': attribute type 4 has an invalid length.
[  149.793760][ T5959] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  149.913113][ T5960] usb 4-1: Using ep0 maxpacket: 16
[  149.932787][ T5960] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  149.948996][ T5960] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  149.961408][ T5960] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  149.971382][ T5960] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.984221][ T5959] usb 2-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  149.995575][ T5960] usb 4-1: Product: syz
[  149.999781][ T5960] usb 4-1: Manufacturer: syz
[  150.006485][ T5959] usb 2-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  150.021139][ T5960] usb 4-1: SerialNumber: syz
[  150.029887][ T5959] usb 2-1: config 1 interface 0 has no altsetting 0
[  150.054310][ T5959] usb 2-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  150.067578][ T5960] usb 4-1: 0:2 : does not exist
[  150.072825][ T5959] usb 2-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  150.081854][ T5959] usb 2-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢
[  150.103390][ T5959] usb 2-1: Manufacturer: syz
[  150.108034][ T5959] usb 2-1: SerialNumber: Ќ
[  150.699633][    T9] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  150.711029][ T5960] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  150.772491][ T5960] usb 4-1: USB disconnect, device number 18
[  150.842770][ T5863] udevd[5863]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  150.873131][    T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  150.917707][    T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  150.968083][    T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  150.998096][ T5959] usbhid 2-1:1.0: couldn't find an input interrupt endpoint
[  151.008018][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.018856][ T7472] syz.0.608 uses obsolete (PF_INET,SOCK_PACKET)
[  151.047534][ T5959] usb 2-1: USB disconnect, device number 15
[  151.516461][    T9] usb 5-1: GET_CAPABILITIES returned 0
[  151.557415][    T9] usbtmc 5-1:16.0: can't read capabilities
[  151.743418][    T9] usb 5-1: USB disconnect, device number 10
[  151.764782][ T7485] netlink: 'syz.0.614': attribute type 4 has an invalid length.
[  152.127076][ T7495] Bluetooth: hci0: unsupported parameter 255
[  152.127111][ T7495] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  153.035361][ T7514] netlink: 'syz.2.626': attribute type 4 has an invalid length.
[  153.083130][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  153.090810][ T5857] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  153.241996][ T7522] Bluetooth: hci0: unsupported parameter 255
[  153.250203][ T7522] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  153.260655][    T9] usb 5-1: config 0 has an invalid interface number: 238 but max is 0
[  153.269548][ T5857] usb 1-1: Using ep0 maxpacket: 16
[  153.275173][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  153.275195][    T9] usb 5-1: config 0 has no interface number 0
[  153.275247][    T9] usb 5-1: config 0 interface 238 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  153.275268][    T9] usb 5-1: config 0 interface 238 has no altsetting 0
[  153.277603][ T5857] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  153.277623][ T5857] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  153.278842][    T9] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a
[  153.278896][    T9] usb 5-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160
[  153.278914][    T9] usb 5-1: Product: syz
[  153.278927][    T9] usb 5-1: Manufacturer: syz
[  153.278939][    T9] usb 5-1: SerialNumber: syz
[  153.282048][    T9] usb 5-1: config 0 descriptor??
[  153.305277][ T5857] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  153.398368][    T9] comedi comedi5: Wrong number of endpoints
[  153.404355][    T9] ni6501 5-1:0.238: driver 'ni6501' failed to auto-configure device.
[  153.412514][ T5931] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  153.444789][ T5857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.452832][ T5857] usb 1-1: Product: syz
[  153.457660][ T5857] usb 1-1: Manufacturer: syz
[  153.468947][ T5857] usb 1-1: SerialNumber: syz
[  153.495302][   T29] usb 5-1: USB disconnect, device number 11
[  153.516508][ T5857] usb 1-1: 0:2 : does not exist
[  153.570627][ T5931] usb 4-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  153.593896][ T5931] usb 4-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  153.627134][ T5931] usb 4-1: config 1 interface 0 has no altsetting 0
[  153.651611][ T5931] usb 4-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  153.663051][ T5931] usb 4-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  153.682286][ T5931] usb 4-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢
[  153.701267][ T5931] usb 4-1: Manufacturer: syz
[  153.714993][ T5931] usb 4-1: SerialNumber: Ќ
[  153.718286][ T5857] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  153.888149][ T5857] usb 1-1: USB disconnect, device number 6
[  153.920458][ T7540] netlink: 'syz.2.639': attribute type 3 has an invalid length.
[  154.027564][ T6960] udevd[6960]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  154.091453][ T5931] usbhid 4-1:1.0: couldn't find an input interrupt endpoint
[  154.127506][ T5931] usb 4-1: USB disconnect, device number 19
[  154.178941][ T7548] Bluetooth: hci0: unsupported parameter 255
[  154.200126][ T7548] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  154.557228][ T7568] capability: warning: `syz.0.651' uses 32-bit capabilities (legacy support in use)
[  154.601199][ T7568] program syz.0.651 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  156.234089][ T5857] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  156.277225][ T7603] netlink: 'syz.1.668': attribute type 4 has an invalid length.
[  156.587510][ T5857] usb 3-1: Using ep0 maxpacket: 16
[  156.760818][ T5857] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  156.794844][ T5857] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  156.819921][ T5857] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  156.858764][ T5857] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.877832][ T5857] usb 3-1: Product: syz
[  156.889563][ T5857] usb 3-1: Manufacturer: syz
[  156.902049][ T5857] usb 3-1: SerialNumber: syz
[  156.908460][ T5849] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  156.926007][ T5857] usb 3-1: 0:2 : does not exist
[  157.137108][ T5857] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  157.205976][ T5849] usb 1-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  157.247846][ T5849] usb 1-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  157.303393][ T5849] usb 1-1: config 1 interface 0 has no altsetting 0
[  157.321295][ T5857] usb 3-1: USB disconnect, device number 2
[  157.369138][ T5849] usb 1-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  157.406811][ T5849] usb 1-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  157.439293][ T5849] usb 1-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢
[  157.469002][ T5863] udevd[5863]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  157.487408][ T5849] usb 1-1: Manufacturer: syz
[  157.500756][ T5849] usb 1-1: SerialNumber: Ќ
[  157.920839][ T5849] usbhid 1-1:1.0: couldn't find an input interrupt endpoint
[  157.982555][ T5849] usb 1-1: USB disconnect, device number 7
[  158.948823][ T7652] 9p: Bad value for 'rfdno'
[  160.174485][   T10] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  160.336934][   T10] usb 4-1: config 0 has an invalid interface number: 238 but max is 0
[  160.371416][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  160.400102][   T10] usb 4-1: config 0 has no interface number 0
[  160.425234][   T10] usb 4-1: config 0 interface 238 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0
[  160.451122][   T10] usb 4-1: config 0 interface 238 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 0
[  160.475290][   T10] usb 4-1: config 0 interface 238 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  160.488777][   T10] usb 4-1: config 0 interface 238 has no altsetting 0
[  160.498727][   T10] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a
[  160.508426][   T10] usb 4-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160
[  160.517264][   T10] usb 4-1: Product: syz
[  160.521599][   T10] usb 4-1: Manufacturer: syz
[  160.526756][   T10] usb 4-1: SerialNumber: syz
[  160.538465][   T10] usb 4-1: config 0 descriptor??
[  160.565576][   T10] comedi comedi5: Wrong number of endpoints
[  160.577792][   T10] ni6501 4-1:0.238: driver 'ni6501' failed to auto-configure device.
[  160.620299][ T7706] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  160.769743][ T5849] usb 4-1: USB disconnect, device number 20
[  160.946948][ T7719] 9p: Bad value for 'rfdno'
[  161.319342][ T7737] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  161.545215][    T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  161.710491][ T7759] netlink: 'syz.0.736': attribute type 55 has an invalid length.
[  161.737900][    T9] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  161.753442][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.788422][ T7761] netlink: 'syz.3.737': attribute type 4 has an invalid length.
[  161.809921][    T9] usb 2-1: config 0 descriptor??
[  162.086419][ T7777] netlink: 8 bytes leftover after parsing attributes in process `syz.4.745'.
[  162.233234][ T5849] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  162.289928][ T7786] netlink: 24 bytes leftover after parsing attributes in process `syz.0.750'.
[  162.404724][ T5849] usb 4-1: config 0 has an invalid interface number: 238 but max is 0
[  162.413827][ T5849] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  162.427700][ T5849] usb 4-1: config 0 has no interface number 0
[  162.437080][ T5849] usb 4-1: config 0 interface 238 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0
[  162.447807][ T5849] usb 4-1: config 0 interface 238 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 0
[  162.458155][ T5849] usb 4-1: config 0 interface 238 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  162.472861][ T5849] usb 4-1: config 0 interface 238 has no altsetting 0
[  162.484536][ T5849] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a
[  162.493831][ T5849] usb 4-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160
[  162.502403][ T5849] usb 4-1: Product: syz
[  162.505671][ T5842] Bluetooth: hci4: command 0x0405 tx timeout
[  162.507356][ T5849] usb 4-1: Manufacturer: syz
[  162.517713][ T5849] usb 4-1: SerialNumber: syz
[  162.525323][ T5849] usb 4-1: config 0 descriptor??
[  162.549773][ T5849] comedi comedi5: Wrong number of endpoints
[  162.569717][ T5849] ni6501 4-1:0.238: driver 'ni6501' failed to auto-configure device.
[  162.623862][   T29] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  162.760500][ T5857] usb 4-1: USB disconnect, device number 21
[  162.803512][   T29] usb 1-1: Using ep0 maxpacket: 8
[  162.823168][   T29] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  162.845364][   T29] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  162.862857][   T29] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.873315][   T29] usb 1-1: Product: syz
[  162.879058][   T29] usb 1-1: Manufacturer: syz
[  162.885494][   T29] usb 1-1: SerialNumber: syz
[  162.902872][   T29] usb 1-1: config 0 descriptor??
[  162.915616][   T29] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  162.927420][   T29] usb 1-1: setting power ON
[  162.945868][   T29] dvb-usb: bulk message failed: -22 (2/0)
[  162.991272][   T29] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  163.008087][   T29] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  163.032464][   T29] usb 1-1: media controller created
[  163.107442][   T29] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  163.171274][   T29] usb 1-1: selecting invalid altsetting 6
[  163.180273][   T29] usb 1-1: digital interface selection failed (-22)
[  163.188060][   T29] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  163.204318][   T29] usb 1-1: setting power OFF
[  163.215050][   T29] dvb-usb: bulk message failed: -22 (2/0)
[  163.223960][   T29] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  163.235374][   T29] (NULL device *): no alternate interface
[  163.362353][   T29] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  163.406380][   T29] usb 1-1: USB disconnect, device number 8
[  163.856120][    T9] usb 2-1: Cannot set autoneg
[  163.872622][    T9] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  163.910151][    T9] usb 2-1: USB disconnect, device number 16
[  164.497216][ T7840] 9p: Bad value for 'rfdno'
[  164.712728][ T7850] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  164.817111][ T7853] netlink: 'syz.0.780': attribute type 4 has an invalid length.
[  165.374525][ T7877] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  165.662914][ T7884] program syz.2.793 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  166.376579][ T7905] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  166.393265][ T5849] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  166.547018][ T5849] usb 3-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  166.571186][ T5849] usb 3-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  166.602212][ T5849] usb 3-1: config 1 interface 0 has no altsetting 0
[  166.631154][ T5849] usb 3-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  166.661135][ T5849] usb 3-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  166.680209][ T5849] usb 3-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게
[  166.718965][ T5849] usb 3-1: Manufacturer: syz
[  166.733314][ T5849] usb 3-1: SerialNumber: Ќ
[  166.818524][ T7917] netlink: 12 bytes leftover after parsing attributes in process `syz.0.807'.
[  167.145357][ T5849] usbhid 3-1:1.0: couldn't find an input interrupt endpoint
[  167.149382][ T7933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.813'.
[  167.182967][ T5849] usb 3-1: USB disconnect, device number 3
[  167.388176][ T7941] netlink: 'syz.0.818': attribute type 4 has an invalid length.
[  167.426383][ T7945] netlink: 12 bytes leftover after parsing attributes in process `syz.1.820'.
[  167.513911][ T5857] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  167.678136][ T5857] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  167.697635][ T5857] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.725539][ T5857] usb 4-1: Product: syz
[  167.738377][ T5857] usb 4-1: Manufacturer: syz
[  167.750638][ T5857] usb 4-1: SerialNumber: syz
[  167.773723][ T5857] usb 4-1: config 0 descriptor??
[  167.792269][ T5857] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  168.318952][ T7975] netlink: 12 bytes leftover after parsing attributes in process `syz.2.833'.
[  168.417091][ T7980] program syz.1.835 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  168.466853][ T5931] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  168.660620][ T5931] usb 5-1: Using ep0 maxpacket: 8
[  168.711082][ T5931] usb 5-1: config index 0 descriptor too short (expected 30, got 18)
[  168.800640][ T5931] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  168.844083][ T5931] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.880583][ T5931] usb 5-1: Product: syz
[  168.898365][ T5931] usb 5-1: Manufacturer: syz
[  168.938993][ T5931] usb 5-1: SerialNumber: syz
[  169.074785][ T5931] usb 5-1: config 0 descriptor??
[  169.096041][ T5931] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  169.117293][ T5931] usb 5-1: setting power ON
[  169.127377][ T5931] dvb-usb: bulk message failed: -22 (2/0)
[  169.172534][ T5931] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  169.201142][ T5931] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  169.214458][ T5857] gspca_stk1135: reg_w 0xf err -71
[  169.220165][ T5931] usb 5-1: media controller created
[  169.234678][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  169.260387][ T5857] gspca_stk1135: Sensor write failed
[  169.273207][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  169.291079][ T5931] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  169.294951][ T5857] gspca_stk1135: Sensor write failed
[  169.338572][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  169.354209][ T5857] gspca_stk1135: Sensor read failed
[  169.370058][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  169.385248][ T5857] gspca_stk1135: Sensor read failed
[  169.403191][ T5857] gspca_stk1135: Detected sensor type unknown (0x0)
[  169.417130][ T5931] usb 5-1: selecting invalid altsetting 6
[  169.420986][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  169.435333][ T5931] usb 5-1: digital interface selection failed (-22)
[  169.441161][ T5857] gspca_stk1135: Sensor read failed
[  169.460330][ T5931] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  169.473094][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  169.491845][ T5931] usb 5-1: setting power OFF
[  169.494632][ T5857] gspca_stk1135: Sensor read failed
[  169.507790][ T5931] dvb-usb: bulk message failed: -22 (2/0)
[  169.516409][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  169.527664][ T5857] gspca_stk1135: Sensor write failed
[  169.535045][ T5857] gspca_stk1135: serial bus timeout: status=0x00
[  169.544710][ T5857] gspca_stk1135: Sensor write failed
[  169.550081][ T5931] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  169.550177][ T5857] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71
[  169.577784][ T5931] (NULL device *): no alternate interface
[  169.594663][ T5857] usb 4-1: USB disconnect, device number 22
[  169.675085][ T5931] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  169.709517][ T5931] usb 5-1: USB disconnect, device number 12
[  169.720140][ T8003] netlink: 8 bytes leftover after parsing attributes in process `syz.2.845'.
[  169.809758][ T8005] netlink: 'syz.0.847': attribute type 4 has an invalid length.
[  169.886112][ T8008] netlink: 32 bytes leftover after parsing attributes in process `syz.2.848'.
[  169.931204][ T8008] netlink: 32 bytes leftover after parsing attributes in process `syz.2.848'.
[  170.714514][ T8029] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  170.745856][ T8033] netlink: 8 bytes leftover after parsing attributes in process `syz.2.859'.
[  170.846322][ T8035] netlink: 'syz.3.860': attribute type 4 has an invalid length.
[  171.103995][ T5857] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  171.265884][ T5857] usb 5-1: Using ep0 maxpacket: 8
[  171.274705][ T5857] usb 5-1: config index 0 descriptor too short (expected 30, got 18)
[  171.295062][ T5857] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  171.312612][ T5857] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.484146][ T5857] usb 5-1: Product: syz
[  171.554943][ T5857] usb 5-1: Manufacturer: syz
[  171.673494][ T5857] usb 5-1: SerialNumber: syz
[  171.752615][ T5857] usb 5-1: config 0 descriptor??
[  171.770880][ T8057] netlink: 'syz.3.870': attribute type 1 has an invalid length.
[  171.784714][ T5857] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  171.813463][ T5857] usb 5-1: setting power ON
[  171.833995][ T5857] dvb-usb: bulk message failed: -22 (2/0)
[  171.864698][ T8057] bond1: entered promiscuous mode
[  171.870138][ T8057] 8021q: adding VLAN 0 to HW filter on device bond1
[  171.889991][ T5857] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  171.935162][ T5857] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  171.974793][ T5857] usb 5-1: media controller created
[  172.016614][ T8059] 8021q: adding VLAN 0 to HW filter on device bond1
[  172.026155][ T5857] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  172.054491][ T8059] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  172.073123][ T8059] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  172.107331][ T8059] bond1: (slave vti0): making interface the new active one
[  172.112785][ T5857] usb 5-1: selecting invalid altsetting 6
[  172.133376][ T8059] vti0: entered promiscuous mode
[  172.138336][ T5857] usb 5-1: digital interface selection failed (-22)
[  172.138357][ T5857] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  172.142384][ T5857] usb 5-1: setting power OFF
[  172.158199][ T8059] bond1: (slave vti0): Enslaving as an active interface with an up link
[  172.180096][ T5857] dvb-usb: bulk message failed: -22 (2/0)
[  172.200478][ T5857] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  172.236948][ T5857] (NULL device *): no alternate interface
[  172.401347][   T29] kernel write not supported for file /vcs (pid: 29 comm: kworker/1:1)
[  172.869274][ T8078] program syz.3.877 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  173.250950][ T5857] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  173.268636][ T5857] usb 5-1: USB disconnect, device number 13
[  174.423194][   T10] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  174.593221][   T10] usb 1-1: Using ep0 maxpacket: 8
[  174.611588][   T10] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  174.633913][   T10] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  174.653057][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.675609][   T10] usb 1-1: Product: syz
[  174.679831][   T10] usb 1-1: Manufacturer: syz
[  174.693153][   T10] usb 1-1: SerialNumber: syz
[  174.710044][   T10] usb 1-1: config 0 descriptor??
[  174.726544][   T10] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  174.755069][   T10] usb 1-1: setting power ON
[  174.765602][   T10] dvb-usb: bulk message failed: -22 (2/0)
[  174.786753][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  174.808438][   T10] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  174.817318][ T5857] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  174.836290][   T10] usb 1-1: media controller created
[  174.884010][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  174.959023][   T10] usb 1-1: selecting invalid altsetting 6
[  174.964992][ T5857] usb 4-1: device descriptor read/64, error -71
[  174.984678][   T10] usb 1-1: digital interface selection failed (-22)
[  174.999376][   T10] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  175.024520][   T10] usb 1-1: setting power OFF
[  175.036532][   T10] dvb-usb: bulk message failed: -22 (2/0)
[  175.056449][   T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  175.084552][   T10] (NULL device *): no alternate interface
[  175.163919][   T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  175.195849][   T10] usb 1-1: USB disconnect, device number 9
[  175.204770][ T5863] udevd[5863]: setting mode of /dev/bus/usb/001/009 to 020664 failed: No such file or directory
[  175.225861][ T5857] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  175.239804][ T5863] udevd[5863]: setting owner of /dev/bus/usb/001/009 to uid=0, gid=0 failed: No such file or directory
[  175.373944][ T5857] usb 4-1: device descriptor read/64, error -71
[  175.503431][ T5857] usb usb4-port1: attempt power cycle
[  175.914567][ T5857] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  175.943704][ T5857] usb 4-1: device descriptor read/8, error -71
[  176.113356][ T5849] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  176.203231][ T5857] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  176.235798][ T5857] usb 4-1: device descriptor read/8, error -71
[  176.295073][ T5849] usb 3-1: config 0 has an invalid interface number: 238 but max is 0
[  176.311850][ T5849] usb 3-1: config 0 has no interface number 0
[  176.328385][ T5849] usb 3-1: config 0 interface 238 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0
[  176.348571][ T5849] usb 3-1: config 0 interface 238 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 0
[  176.353479][ T5857] usb usb4-port1: unable to enumerate USB device
[  176.369952][ T8158] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  176.370237][ T5849] usb 3-1: config 0 interface 238 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  176.389488][ T5849] usb 3-1: config 0 interface 238 has no altsetting 0
[  176.399312][ T5849] usb 3-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a
[  176.410853][ T5849] usb 3-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160
[  176.419759][ T5849] usb 3-1: Product: syz
[  176.425178][ T5849] usb 3-1: Manufacturer: syz
[  176.429868][ T5849] usb 3-1: SerialNumber: syz
[  176.433088][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  176.448217][ T5849] usb 3-1: config 0 descriptor??
[  176.475047][ T5849] comedi comedi5: Wrong number of endpoints
[  176.485878][ T5849] ni6501 3-1:0.238: driver 'ni6501' failed to auto-configure device.
[  176.597112][    T9] usb 1-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  176.614754][    T9] usb 1-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  176.655882][    T9] usb 1-1: config 1 interface 0 has no altsetting 0
[  176.668855][    T9] usb 1-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  176.675559][ T5849] usb 3-1: USB disconnect, device number 4
[  176.681233][    T9] usb 1-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  176.694911][    T9] usb 1-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺
[  176.717716][    T9] usb 1-1: Manufacturer: syz
[  176.722366][    T9] usb 1-1: SerialNumber: Ќ
[  177.201394][    T9] usbhid 1-1:1.0: couldn't find an input interrupt endpoint
[  177.249928][    T9] usb 1-1: USB disconnect, device number 10
[  177.707589][ T8183] binder: 8182:8183 ioctl 4018620d 0 returned -22
[  178.028732][ T8190] faux_driver vgem: [drm] Unknown color mode 9; guessing buffer size.
[  178.977323][ T8214] netlink: 'syz.0.938': attribute type 4 has an invalid length.
[  179.032407][ T8216] binder: 8215:8216 ioctl 4018620d 0 returned -22
[  179.133092][    T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  179.263103][    T9] usb 3-1: device descriptor read/64, error -71
[  179.343104][   T10] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  179.495622][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  179.509029][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  179.522259][    T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  179.531471][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  179.548130][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  179.561731][   T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  179.571185][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.588147][   T10] usb 4-1: config 0 descriptor??
[  179.596474][ T8220] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  179.673109][    T9] usb 3-1: device descriptor read/64, error -71
[  179.786069][    T9] usb usb3-port1: attempt power cycle
[  179.902049][ T8237] netlink: 'syz.0.949': attribute type 4 has an invalid length.
[  179.989705][   T30] audit: type=1326 audit(1773800180.625:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8240 comm="syz.0.951" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5b6bb9c799 code=0x0
[  180.039188][   T10] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  180.047304][   T10] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  180.062710][   T10] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  180.072399][   T10] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  180.082446][   T10] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  180.124922][   T10] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  180.153331][    T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  180.185878][    T9] usb 3-1: device descriptor read/8, error -71
[  180.433140][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  180.453707][    T9] usb 3-1: device descriptor read/8, error -71
[  180.688087][    T9] usb usb3-port1: unable to enumerate USB device
[  182.162114][ T8270] netlink: 'syz.4.962': attribute type 4 has an invalid length.
[  182.327629][ T8283] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  182.345465][ T8283] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  182.579446][   T10] IPVS: starting estimator thread 0...
[  182.640512][ T5931] usb 4-1: USB disconnect, device number 27
[  182.705055][ T8297] IPVS: using max 32 ests per chain, 76800 per kthread
[  182.773831][ T8304] netlink: 'syz.2.977': attribute type 4 has an invalid length.
[  184.848550][ T8364] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  184.857485][ T8364] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  184.978491][ T8340] netlink: 44 bytes leftover after parsing attributes in process `syz.1.993'.
[  184.987318][ T8366] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1001'.
[  185.091922][ T8340] netlink: 12 bytes leftover after parsing attributes in process `syz.1.993'.
[  185.168908][ T8340] netlink: 8 bytes leftover after parsing attributes in process `syz.1.993'.
[  185.293351][   T10] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  185.505078][   T10] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  185.533076][   T10] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  185.562134][   T10] usb 5-1: Product: syz
[  185.587210][   T10] usb 5-1: Manufacturer: syz
[  185.613223][   T10] usb 5-1: SerialNumber: syz
[  185.654639][   T10] usb 5-1: config 0 descriptor??
[  185.693104][ T5931] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  185.929992][ T5931] usb 3-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  185.981604][ T5931] usb 3-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  186.027697][ T8389] binder: 8388:8389 ioctl 4018620d 0 returned -22
[  186.035148][ T5931] usb 3-1: config 1 interface 0 has no altsetting 0
[  186.037937][ T8391] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  186.069108][ T5931] usb 3-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  186.069538][ T8391] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  186.118400][ T5931] usb 3-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  186.146439][ T5931] usb 3-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸
[  186.201258][ T5931] usb 3-1: Manufacturer: syz
[  186.211116][ T5931] usb 3-1: SerialNumber: Ќ
[  186.591837][ T5931] usbhid 3-1:1.0: couldn't find an input interrupt endpoint
[  186.631613][ T5931] usb 3-1: USB disconnect, device number 9
[  187.380845][ T8420] binder: 8419:8420 ioctl 4018620d 0 returned -22
[  187.625041][ T8429] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1028'.
[  188.427804][ T8453] binder: 8452:8453 ioctl 4018620d 0 returned -22
[  188.515723][ T5931] usb 5-1: USB disconnect, device number 14
[  188.872317][ T8465] 9p: Bad value for 'rfdno'
[  189.034233][ T5931] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  189.213472][ T5931] usb 5-1: Using ep0 maxpacket: 8
[  189.247708][ T5931] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  189.289048][ T5931] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  189.330061][ T5931] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  189.369501][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.405017][ T5931] usb 5-1: config 0 descriptor??
[  189.526468][ T8475] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1050'.
[  190.827550][   T10] usb 5-1: USB disconnect, device number 15
[  191.749349][ T8507] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1062'.
[  194.126585][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[  194.137655][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[  196.187406][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  196.194164][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  196.200232][ T5856] Bluetooth: hci2: command 0x0406 tx timeout
[  196.209157][ T5164] Bluetooth: hci3: command 0x0406 tx timeout
[  196.265854][ T8628] binder: 8627:8628 ioctl 4018620d 0 returned -22
[  197.528279][ T8658] binder: 8656:8658 ioctl 4018620d 0 returned -22
[  197.755728][ T8669] binder: 8668:8669 ioctl c0306201 0 returned -14
[  197.829017][   T30] audit: type=1326 audit(1773800198.465:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8668 comm="syz.1.1131" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efef759c799 code=0x0
[  199.814960][   T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  199.913331][ T8737] netlink: 'syz.3.1159': attribute type 1 has an invalid length.
[  200.013160][   T10] usb 1-1: Using ep0 maxpacket: 8
[  200.040699][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  200.082471][   T10] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 249, changing to 7
[  200.137865][ T8737] bond2: entered promiscuous mode
[  200.147471][ T8737] 8021q: adding VLAN 0 to HW filter on device bond2
[  200.210662][   T10] usb 1-1: New USB device found, idVendor=2b53, idProduct=0031, bcdDevice= 0.40
[  200.222666][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.242148][   T10] usb 1-1: Product: syz
[  200.252506][   T10] usb 1-1: Manufacturer: syz
[  200.257305][   T10] usb 1-1: SerialNumber: syz
[  201.855220][   T10] usb 1-1: USB disconnect, device number 11
[  201.944962][ T8780] tipc: Started in network mode
[  201.988996][ T8780] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  202.043212][ T8780] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  202.355873][ T5859] udevd[5859]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  204.848303][ T5918] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  205.045391][ T5918] usb 5-1: Using ep0 maxpacket: 16
[  205.187935][ T5918] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  205.314848][ T5918] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  205.329372][ T5918] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  205.357277][ T5918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.372687][ T5918] usb 5-1: Product: syz
[  205.962429][ T5918] usb 5-1: Manufacturer: syz
[  205.968735][ T5918] usb 5-1: SerialNumber: syz
[  206.014640][ T5918] usb 5-1: 0:2 : does not exist
[  206.220746][ T5918] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  206.406580][ T5918] usb 5-1: USB disconnect, device number 16
[  207.480235][ T8918] IPv6: NLM_F_REPLACE set, but no existing node found!
[  208.261160][   T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  208.433511][   T10] usb 2-1: Using ep0 maxpacket: 16
[  208.445393][   T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  208.467440][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  208.488346][   T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  208.507178][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.524247][   T10] usb 2-1: Product: syz
[  208.544387][   T10] usb 2-1: Manufacturer: syz
[  208.559153][   T10] usb 2-1: SerialNumber: syz
[  208.588642][   T10] usb 2-1: 0:2 : does not exist
[  208.796648][   T10] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  208.907035][   T10] usb 2-1: USB disconnect, device number 17
[  208.960039][ T5863] udevd[5863]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  210.122236][ T8991] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1265'.
[  210.131569][ T8991] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1265'.
[  210.159010][ T8991] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1265'.
[  210.251847][ T8997] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1268'.
[  211.679693][ T9044] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1287'.
[  213.794953][ T5849] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  214.372839][ T9083] 9p: Bad value for 'wfdno'
[  214.465744][ T5918] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  214.496976][ T5849] usb 2-1: no configurations
[  214.502238][ T5849] usb 2-1: can't read configurations, error -22
[  214.639610][ T5918] usb 3-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  214.652548][ T5918] usb 3-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  214.666914][ T5849] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  214.675411][ T5918] usb 3-1: config 1 interface 0 has no altsetting 0
[  214.685820][ T5918] usb 3-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  214.695185][ T5918] usb 3-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  214.704316][ T5918] usb 3-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊
[  214.727703][ T5918] usb 3-1: Manufacturer: syz
[  214.732864][ T5918] usb 3-1: SerialNumber: Ќ
[  214.845180][ T5849] usb 2-1: no configurations
[  214.850147][ T5849] usb 2-1: can't read configurations, error -22
[  214.856963][ T5849] usb usb2-port1: attempt power cycle
[  215.004601][ T5918] usbhid 3-1:1.0: couldn't find an input interrupt endpoint
[  215.026657][ T5918] usb 3-1: USB disconnect, device number 10
[  215.191254][ T9086] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1301'.
[  215.223523][ T5849] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  215.244103][ T5849] usb 2-1: no configurations
[  215.249791][ T5849] usb 2-1: can't read configurations, error -22
[  215.393118][ T5849] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  215.425615][ T5849] usb 2-1: no configurations
[  215.435954][ T5849] usb 2-1: can't read configurations, error -22
[  215.449676][ T5849] usb usb2-port1: unable to enumerate USB device
[  216.434431][ T9121] binder: 9120:9121 ioctl c0306201 0 returned -14
[  216.510549][   T30] audit: type=1326 audit(1773800217.145:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.3.1317" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe61e59c799 code=0x0
[  216.579648][ T9124] trusted_key: encrypted_key: insufficient parameters specified
[  216.927681][ T9133] netlink: 'syz.2.1321': attribute type 4 has an invalid length.
[  217.203791][   T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  217.363168][    T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  217.378340][   T10] usb 5-1: config 1 has an invalid descriptor of length 220, skipping remainder of the config
[  217.411991][   T10] usb 5-1: config 1 interface 0 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  217.430443][   T10] usb 5-1: config 1 interface 0 has no altsetting 0
[  217.545961][   T10] usb 5-1: New USB device found, idVendor=0458, idProduct=9317, bcdDevice=f5.2f
[  217.555370][   T10] usb 5-1: New USB device strings: Mfr=66, Product=2, SerialNumber=3
[  217.565217][   T10] usb 5-1: Product: 퇿䃜䙕臸봥呋丕䝢问ᛏ䓍侫ǯ⣷ᲇ菶눸蒜葅㻋솰嫐ꓮ⎜崥륧䋡吩缰摺셢Ⴑَ⠲⿭ɮ王苚䷏ʔ➲尵꛻៑픖큵랓靶게鳳ч矄ᩊ䊸ꑤ鯺䥙㶾㜏翸碎ᗲ擊
[  217.588344][   T10] usb 5-1: Manufacturer: syz
[  217.593083][   T10] usb 5-1: SerialNumber: Ќ
[  217.623450][    T9] usb 1-1: Using ep0 maxpacket: 8
[  218.144895][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  218.169956][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  218.245064][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  218.255876][    T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  218.269609][    T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  218.303319][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.330153][ T9155] vivid-007: =================  START STATUS  =================
[  218.362832][ T9155] vivid-007: Enable Output Cropping: true grabbed
[  218.438357][ T9155] vivid-007: Enable Output Composing: true grabbed
[  218.446055][   T10] usbhid 5-1:1.0: couldn't find an input interrupt endpoint
[  218.476615][ T9155] 
[  218.497756][   T10] usb 5-1: USB disconnect, device number 17
[  218.609329][    T9] usb 1-1: GET_CAPABILITIES returned 0
[  218.645528][    T9] usbtmc 1-1:16.0: can't read capabilities
[  218.802843][ T9155] vivid-007: Enable Output Scaler: true grabbed
[  218.839138][ T9170] netlink: 'syz.3.1334': attribute type 4 has an invalid length.
[  218.847588][ T9155] vivid-007: Tx RGB Quantization Range: Automatic grabbed
[  218.866298][ T9155] vivid-007: Transmit Mode: HDMI grabbed
[  219.136452][ T9155] vivid-007: Hotplug Present: 0x00000000
[  219.151964][ T9155] vivid-007: RxSense Present: 0x00000000
[  219.182724][ T9155] vivid-007: EDID Present: 0x00000000
[  219.201292][ T9155] vivid-007: ==================  END STATUS  ==================
[  219.743305][    T9] IPVS: starting estimator thread 0...
[  219.969837][ T9184] IPVS: using max 43 ests per chain, 103200 per kthread
[  221.153141][    T9] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  221.187041][ T5849] usb 1-1: USB disconnect, device number 12
[  221.813052][    T9] usb 2-1: Using ep0 maxpacket: 16
[  221.829502][    T9] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  221.853047][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.881491][    T9] usb 2-1: Product: syz
[  221.892075][    T9] usb 2-1: Manufacturer: syz
[  221.901568][    T9] usb 2-1: SerialNumber: syz
[  223.157986][    T9] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -71
[  223.392510][    T9] usb 2-1: USB disconnect, device number 22
[  225.013413][ T5857] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  225.203330][ T5857] usb 2-1: Using ep0 maxpacket: 8
[  225.264967][ T5857] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  225.371144][ T5857] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  225.476142][ T5857] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  225.489005][ T5857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.511075][ T5857] usb 2-1: config 0 descriptor??
[  227.925737][ T9309] netlink: 'syz.2.1388': attribute type 1 has an invalid length.
[  228.057899][ T9309] bond1: entered promiscuous mode
[  228.064531][ T9309] 8021q: adding VLAN 0 to HW filter on device bond1
[  229.771494][ T5931] usb 2-1: USB disconnect, device number 23
[  230.444238][ T9356] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1404'.
[  232.354946][ T5931] IPVS: starting estimator thread 0...
[  232.381760][   T30] audit: type=1326 audit(1773800233.005:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.3.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  232.439991][ T9394] input: syz0 as /devices/virtual/input/input6
[  232.454573][   T30] audit: type=1326 audit(1773800233.005:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.3.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  232.502844][   T30] audit: type=1326 audit(1773800233.045:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.3.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe61e55cfce code=0x7ffc0000
[  232.555026][   T30] audit: type=1326 audit(1773800233.045:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.3.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  232.586025][ T9396] IPVS: using max 39 ests per chain, 93600 per kthread
[  232.672432][   T30] audit: type=1326 audit(1773800233.045:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.3.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  232.759856][   T30] audit: type=1326 audit(1773800233.045:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.3.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  232.940156][ T9406] ntfs3(nullb0): Primary boot signature is not NTFS.
[  232.958552][ T9406] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  233.062184][   T30] audit: type=1326 audit(1773800233.055:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.3.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  233.379894][   T30] audit: type=1326 audit(1773800233.055:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9379 comm="syz.3.1412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe61e59c799 code=0x7ffc0000
[  233.747821][ T5931] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  233.923196][ T5931] usb 2-1: Using ep0 maxpacket: 32
[  234.321569][ T5931] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  234.343911][ T5931] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.380626][ T5931] usb 2-1: config 0 descriptor??
[  234.596560][ T5931] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  234.658468][ T5931] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  234.686463][ T5931] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  234.704335][ T5931] usb 2-1: media controller created
[  234.762167][ T5931] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  234.986852][ T5931] DVB: Unable to find symbol dib7000p_attach()
[  235.017015][ T5931] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  235.154297][ T5931] rc_core: IR keymap rc-dib0700-rc5 not found
[  235.170572][ T5931] Registered IR keymap rc-empty
[  235.193922][ T5931] dvb-usb: could not initialize remote control.
[  235.209242][ T5931] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  235.249022][ T5931] usb 2-1: USB disconnect, device number 24
[  235.367078][ T5931] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  238.042908][ T9457] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI
[  238.054840][ T9457] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[  238.063274][ T9457] CPU: 1 UID: 0 PID: 9457 Comm: syz.2.1439 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  238.074218][ T9457] Tainted: [L]=SOFTLOCKUP
[  238.078536][ T9457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  238.088597][ T9457] RIP: 0010:do_dentry_open+0xaf/0x14e0
[  238.094069][ T9457] Code: 44 24 28 80 3c 28 00 74 08 4c 89 ff e8 ba 5b ef ff 4c 89 7c 24 20 4d 89 27 4d 8d 7c 24 30 4c 89 f8 48 c1 e8 03 48 89 44 24 58 <80> 3c 28 00 74 08 4c 89 ff e8 a3 5a ef ff 4c 89 7c 24 60 4d 8b 3f
[  238.113686][ T9457] RSP: 0018:ffffc900052a7638 EFLAGS: 00010206
[  238.119769][ T9457] RAX: 0000000000000006 RBX: ffff888058eadb60 RCX: 0000000000000000
[  238.127747][ T9457] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000ffffffff
[  238.135717][ T9457] RBP: dffffc0000000000 R08: ffff88807809a813 R09: 1ffff1100f013502
[  238.143703][ T9457] R10: dffffc0000000000 R11: ffffed100f013503 R12: 0000000000000000
[  238.151675][ T9457] R13: 1ffff1100b1d5b7d R14: ffff888058eadbe8 R15: 0000000000000030
[  238.159650][ T9457] FS:  00007f69b112d6c0(0000) GS:ffff888125535000(0000) knlGS:0000000000000000
[  238.168584][ T9457] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  238.175258][ T9457] CR2: 00007f5b6be09f20 CR3: 0000000034adc000 CR4: 00000000003526f0
[  238.183243][ T9457] Call Trace:
[  238.186544][ T9457]  <TASK>
[  238.189480][ T9457]  ? vfs_open+0x31/0x340
[  238.193732][ T9457]  vfs_open+0x3b/0x340
[  238.197811][ T9457]  ? backing_file_open_user_path+0x12/0x50
[  238.203629][ T9457]  backing_file_open_user_path+0x24/0x50
[  238.209267][ T9457]  backing_tmpfile_open+0x9b/0xf0
[  238.214297][ T9457]  ovl_tmpfile+0x400/0x810
[  238.218707][ T9457]  ? __pfx_ovl_tmpfile+0x10/0x10
[  238.223633][ T9457]  ? _raw_spin_unlock+0x28/0x50
[  238.228468][ T9457]  ? d_alloc+0x144/0x190
[  238.232697][ T9457]  ? mode_strip_sgid+0x6a/0x1b0
[  238.237532][ T9457]  vfs_tmpfile+0x3ff/0x890
[  238.241938][ T9457]  do_tmpfile+0xd3/0x240
[  238.246172][ T9457]  path_openat+0x300d/0x3860
[  238.250748][ T9457]  ? arch_stack_walk+0xfb/0x150
[  238.255597][ T9457]  ? do_getname+0x2e/0x250
[  238.259998][ T9457]  ? stack_trace_save+0xa9/0x100
[  238.264917][ T9457]  ? __pfx_stack_trace_save+0x10/0x10
[  238.270269][ T9457]  ? __futex_wait+0x371/0x420
[  238.274943][ T9457]  ? do_getname+0x2e/0x250
[  238.279346][ T9457]  ? stack_depot_save_flags+0x33/0x810
[  238.284791][ T9457]  ? kasan_save_track+0x3e/0x80
[  238.289627][ T9457]  ? __kasan_slab_alloc+0x6c/0x80
[  238.294634][ T9457]  ? __pfx_path_openat+0x10/0x10
[  238.299557][ T9457]  ? __x64_sys_open+0x11e/0x150
[  238.304392][ T9457]  ? do_syscall_64+0x14d/0xf80
[  238.309139][ T9457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.315188][ T9457]  ? __lock_acquire+0x6b5/0x2cf0
[  238.320112][ T9457]  do_file_open+0x23e/0x4a0
[  238.324617][ T9457]  ? __pfx_do_file_open+0x10/0x10
[  238.329644][ T9457]  ? _raw_spin_unlock+0x28/0x50
[  238.334493][ T9457]  ? alloc_fd+0x64b/0x6c0
[  238.338914][ T9457]  do_sys_openat2+0x113/0x200
[  238.343586][ T9457]  ? __se_sys_futex+0x3a8/0x450
[  238.348427][ T9457]  ? __pfx_do_sys_openat2+0x10/0x10
[  238.353616][ T9457]  ? rcu_is_watching+0x15/0xb0
[  238.358367][ T9457]  __x64_sys_open+0x11e/0x150
[  238.363032][ T9457]  do_syscall_64+0x14d/0xf80
[  238.367619][ T9457]  ? trace_irq_disable+0x3b/0x150
[  238.372717][ T9457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.378763][ T9457]  ? clear_bhb_loop+0x40/0x90
[  238.383427][ T9457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.389299][ T9457] RIP: 0033:0x7f69b019c799
[  238.393737][ T9457] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  238.413416][ T9457] RSP: 002b:00007f69b112d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  238.421813][ T9457] RAX: ffffffffffffffda RBX: 00007f69b0415fa0 RCX: 00007f69b019c799
[  238.429769][ T9457] RDX: 0000000000000008 RSI: 0000000000d5b203 RDI: 00002000000000c0
[  238.437726][ T9457] RBP: 00007f69b0232c99 R08: 0000000000000000 R09: 0000000000000000
[  238.445763][ T9457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  238.453721][ T9457] R13: 00007f69b0416038 R14: 00007f69b0415fa0 R15: 00007fff36a5a998
[  238.461684][ T9457]  </TASK>
[  238.464690][ T9457] Modules linked in:
[  238.469701][ T9457] ---[ end trace 0000000000000000 ]---
[  238.497515][ T9457] RIP: 0010:do_dentry_open+0xaf/0x14e0
[  238.503169][ T9457] Code: 44 24 28 80 3c 28 00 74 08 4c 89 ff e8 ba 5b ef ff 4c 89 7c 24 20 4d 89 27 4d 8d 7c 24 30 4c 89 f8 48 c1 e8 03 48 89 44 24 58 <80> 3c 28 00 74 08 4c 89 ff e8 a3 5a ef ff 4c 89 7c 24 60 4d 8b 3f
[  238.523367][ T9457] RSP: 0018:ffffc900052a7638 EFLAGS: 00010206
[  238.529534][ T9457] RAX: 0000000000000006 RBX: ffff888058eadb60 RCX: 0000000000000000
[  238.539761][ T9457] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000ffffffff
[  238.549929][ T9457] RBP: dffffc0000000000 R08: ffff88807809a813 R09: 1ffff1100f013502
[  238.558866][ T9457] R10: dffffc0000000000 R11: ffffed100f013503 R12: 0000000000000000
[  238.570814][ T9457] R13: 1ffff1100b1d5b7d R14: ffff888058eadbe8 R15: 0000000000000030
[  238.579255][ T9457] FS:  00007f69b112d6c0(0000) GS:ffff888125535000(0000) knlGS:0000000000000000
[  238.591824][ T9457] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  238.598598][ T9457] CR2: 00007efef77e7158 CR3: 0000000034adc000 CR4: 00000000003526f0
[  238.607174][ T9457] Kernel panic - not syncing: Fatal exception
[  238.613388][ T9457] Kernel Offset: disabled
[  238.617703][ T9457] Rebooting in 86400 seconds..